KeeneticOS 3.8
What’s new?
Here are the themes we are developing right now.
- New content filtering and ad-blocking options: - Choose filtering profiles from popular public DNS resolvers: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS; 
- Mix and match filtering profiles from different service providers to your devices in one setup; 
- Add your custom DNS profiles and use them along with public DNS resolvers; 
- Assign default filtering profiles to network segments; 
- Try content filtering services from the NextDNS. 
 
Would you mind giving us feedback in the forum?
KeeneticOS 3.8.2
22/06/2022
Fixed
- Fixed the issue with the Safari browser which was resulting in a blank Web Interface Login page. [NWI-1216] [Forum topic] 
KeeneticOS 3.8.1
20/06/2022
Improved
- Renaming of the Extender now executes faster, and no longer causes re-calculation for the whole Mesh Wi-Fi system. [NDM-1838] 
Fixed
- The Unregister action for the network host is now executed more carefully, with forced deletion of the Static IP setting. [NWI-1113] 
- The validator for the requested KeenDNS domain name now acts according to RFC 5890. The ' - -' symbol is prohibited at the KeenDNS domain's beginning and end. [NWI-1159]
- After deactivation, the Wi-Fi network's Fast Transition (802.11r) feature remained advertised due to misconfiguration, leading to connection errors. [SYS-574] 
KeeneticOS 3.8.0
10/06/2022
New
- The new Channel number option for Wireless ISP connections allows setting of a specific channel number instead of automatic channel selection based on an SSID. This setting significantly reduces the air scanning time, leaving more slots for Wi-Fi distribution and Mesh Wi-Fi backhaul operation. Use this setting for scenarios when the uplink ISP or Hotspot has a fixed Wi-Fi channel number. [NWI-938]  
Fixed
- Switching wireless networks on/off at the Home segment configuration page of a Keenetic device in Access point/Extender mode no longer leads to loss of device control for a while. [NDM-2178] 
- Fixed DoT (DNS over TLS) operation after reconnection of a PPPoE session. [NDM-2215] 
- The Wi-Fi SMPS (Spatial Multiplexing Power Save) feature now correctly handles requests from Qualcomm 835/845/855 wireless clients providing a dynamic switching MIMO scheme from 2x2 to 1x1 and vice versa. [SYS-560] 
- The WPS enrollee mode is disabled on the Access Point, providing a correct wireless connection flow for specific devices. [SYS-540] 
- Fixed the reason for a sporadic - VLAN ID is busyerror message on the device in the Extender mode. [NDM-2252]
KeeneticOS 3.8 Beta 2
20/05/2022
New
- Added support for the 4G Cat4 8330FT USB modem branded by mobile operator MTS. [NDM-2210] 
- The new default setting Auto for time synchronization selects NTP servers automatically from Keenetic's cloud infrastructure, with the option to manually set up custom servers. [NWI-1107] 
Improved
- Using the Web Interface to assign an Ethernet port to the Guest segment enables its operation if wireless networks are disabled. [NWI-1029] 
- The new Bandwidth control mode selector (Auto / Manual / Disabled) for inbound and outbound traffic is now available for configuring connections in the Internet Connections policies. [NWI-1070]   
- The OpenSSL library is updated to the latest version, - 1.1.1o, fixing the CVE-2022-1292 and CVE-2022-1473 vulnerabilities. [SYS-551]
Fixed
- Fixed the misbehaviour of tabs across the Web Interface while changing orientation from portrait (vertical) to landscape (horizontal) and vice versa in mobile browsers. [NWI-1026] 
- Updated and unified toggle behaviour for the Application section. [NWI-1037] [Forum topic] 
- The L2TP reception window is increased to 1024 packets to fine-tune performance. [NDM-2138] 
- The Keenetic will not serve DNS requests when not in the Router mode. [NDM-2205] 
- Fixed erroneous Connection priority selector behaviour occurring under certain conditions. [NWI-1068] 
- Corrected hint descriptions and wrongly allowed zero Off-hook and Dial digit timers in Phone station settings. [NWI-1090] 
- Added hint with allowed values for Registration timeout in Phone Lines setting. [NWI-1091] 
- Restored Internet Checker behaviour to support default routes through a gateway in the local network using topologies with a non-Keenetic device as the primary router. [NDM-2220] 
- The Default content filtering profiles for multiple network segments now act correctly. [NDM-2230] 
- Fixed the reason for the - fastvpnservice operation causing the following messages- fastvpn: len = 56, head = ...in the System log. [SYS-557] [Forum topic]
KeeneticOS 3.8 Beta 1
21/04/2022
New
- Added support for the 4G LTE Cat4 Quectel EC200T modem module. [NDM-2164] - Tip- To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module. 
- Added support for the 3G Huawei K4201 modem. [NDM-2186] 
Improved
- Added - MTUcontrol to IKEv2 VPN client configuration in the advanced settings section, providing better interoperability with certain VPN providers, for example, Surfshark VPN. [NWI-974] 
- Added a warning message while setting up a Port forwarding rule for the HTTPS or 443/TCP protocol. [NWI-977]   
- Increased the maximum PSK key size up to - 196characters for IPsec VPN and IPsec/L2TP connections, providing proper connection to corporate networks with firm security policies. [NDM-2128]
- Added the display of the - regional codenext to the Model name field on the About the system tile. [NWI-1027]
- Improved IPv4 availability criteria for - MAP-T-enabled connections for the proper display on the Dashboard page. [NWI-1025]
- Added links to the NextDNS account configurations on the Internet safety page, providing easy access to the NextDNS management portal. [NWI-1020] [Forum topic]  
- Added support for two-factor authentication (2FA) for the NextDNS service on the Internet safety page. [NWI-1021]  
Fixed
- Muted excessive debug messages from - https-dns-proxy: curl ...DNS over HTTPS (DoH) service of the KeeneticOS. [SYS-516]
- The Download station application now operates correctly in the mobile application, without the error message — - RPC error: end of stream. [NDM-2133]
- Wi-Fi radio turned off by the Wi-Fi button now keeps this state after a system reboot or power-off event. [SYS-78] 
KeeneticOS 3.8 Alpha 8
18/03/2022
Improved
- The Mesh Wi-Fi System controller now configures multiple extenders simultaneously. This improvement dramatically reduces start-up times for the systems with many extenders. [NDM-2003] 
- The Captive portal option is now available for multiple network segments simultaneously. [NWI-916] 
- The Application traffic analyser now identifies different types of traffic within one application, for example, Video/Voice call or File transfer within the WhatsApp application. Based on this data, IntelliQoS can further enhance traffic priority. [NWI-951] 
- Added MAP-T connection information to the System dashboard. [NWI-960] 
- Updated to the latest OpenSSL library version 1.1.1n, which fixes the CVE-2022-0778 vulnerability. [SYS-523] 
Fixed
- UPnP port forwarding now works accurately with multiple Internet connections policies in place. [NDM-1382] 
- Fixed the WireGuard® outgoing packet loop when the underlying WAN link goes down. [NDM-852] 
- Moving registered devices between Internet Connection policies profiles won't break their work schedule(s) anymore. [NDM-1716] 
- Fixed the display of the Ports and VLANs settings on mobile devices. [NWI-924] [Forum topic] 
- Fixed multiple remote peer support for OpenVPN connections. [NDM-2115] 
- DNS servers configured for WireGuard® connections now work accurately. [NDM-2122] 
- Fixed the configuration logic of the automatic default route for MAP-T. [NDM-2125] 
- Internet connection via IPv6 MAP-T now supports the - 1:1 IPv4sharing ratio option. [NDM-2127]
KeeneticOS 3.8 Alpha 7
04/03/2022
New
- The new MAP-T option is available for tunnelling IPv4 protocol packets over an ISP's internal IPv6-only network according to the RFC7599. Please check whether your ISP supports this feature. [NDM-1824, NWI-906]  
- The new Conditional Wi-Fi broadcast option is available for the Mesh Wi-Fi System. When enabled, Wi-Fi System Extenders stop wireless network broadcasting when the Wi-Fi System Controller is inaccessible. [NWI-895]  
- The Internet connection policy now has the Adaptive Outbound Speed Limit option, currently available through the CLI only, as follows: [NDM-2109] - ip policy rate-limit output ({rate} | auto)
 
- Added a drop-down setting - 3G/4G frequency band selection - for - UsbLte-type modems supporting this feature. [NWI-919]
Improved
- The user properties menu is now directly accessible from the Applications settings with user credentials. [NWI-893] 
- Updated the metadata file of the Web Interface to comply with the Progressive Web App (PWA) specification. [NWI-904] [Forum topic] 
- Enabled bridging of Realtek USB-LAN adapters on acquired Extenders , providing a way to connect the Extender to the Mesh Wi-Fi Controller via USB-LAN adapter. [NDM-2108] 
- Improved traffic classification through additional attribute parsing. [NDM-2021] 
- Changed the RTP (Real-time Transport Protocol) classification category to Voice over IP for the Cloud-based content filtering and ad blocking system component. [NDM-2110] 
- We replaced Service Class with a Traffic Priority setting for registered devices and IntelliQoS. [NWI-939]   
Fixed
- The KeeneticOS now operates correctly with a - startup-configfile size of more than 64 Kbytes. [NDM-2090]
- Fixed the selection of an optimal backhaul connection to the Mesh Wi-Fi System node based on Wi‑Fi RSSI and STP distance metrics. [SYS-486] 
- Fixed the - invalid domain nameerror messages for the DHCP server with an enabled- update-dnsoption upon receiving DHCP requests with special symbols in the- hostnamefield. [NDM-2085]
- Fixed invalid remote RADIUS server requests with WPA2 Enterprise network protection. [NDM-2081] 
- The menu list of the Web Interface now displays with full height on the mobile Safari® browser. [NWI-914] [Forum topic] 
KeeneticOS 3.8 Alpha 6
14/02/2022
Fixed
- Fixed spontaneous shutdown of the SMB file and printer sharing component under heavy use of system - IPC$and- spoolssresources. [SYS-487]
- Enhanced detection of 4G/3G USB modems by Huawei producing the following System log message - usbfs: process 203 (ndm) did not claim interface 1 before use. [NDM-2063]
- The Port Forwarding page now displays correctly on mobile screens. [NWI-883] [Forum topic] 
KeeneticOS 3.8 Alpha 5
07/02/2022
Improved
- New configuration option for devices in the Extender mode: a network Segment can have No IP address. [NWI-847] [Forum topic] 
Fixed
- The Wireless ISP connection can now link correctly to a third-party Wi-Fi network with an active - backhaulsupport bit. [SYS-479]
- The Band Steering algorithm has improved signal level measuring to prevent early swapping of wireless clients between 2.4 and 5 GHz bands. [SYS-379] 
- The sorting of the User-defined routes table now functions appropriately. [NWI-873] [Forum topic] 
KeeneticOS 3.8 Alpha 4
01/02/2022
New
- Added per-host sessions counters on the Management > Diagnostics > Active connections screen. [NWI-844] 
- The new Session expiry timeout parameter is available in the Captive portal settings. The session terminates when the Captive portal client does not renew the DHCP lease for a specified period. The maximum lease time is 72 hours (4320 minutes). [NWI-867] 
Improved
- The L2TP/IPsec VPN connection operates more stably under heavy load. [SYS-39] 
- Added a cautionary note for the Negotiation mode selector in IKEv1 IPsec connection setup. [NWI-877] - Note- Use the Aggressive mode for compatibility purposes only as it introduces security risks. If this Keenetic device has the IPsec server (Virtual IP) or L2TP/IPsec VPN servers enabled, the IPsec VPN connections enforce the Main negotiation mode regardless of this setting. 
- Added an option to save KeeneticOS and configuration files before a manual system update. [NWI-871] 
- The controls of the User-defined routes section are moved to the top, providing easy management, with a long list of the routes. [NWI-862] [Forum topic] 
Fixed
- Opening the Internet safety menu does not cause the - Core::Configurator: not found: "show/rc/dns-proxy/filter/engine"error message in the System log when there are no installed KeeneticOS components of this category. [NWI-866] [Forum topic]
- The Wi-Fi beacon frames broadcasted during the auto-channel selection (ACS) routine had invalid channel numbers. [SYS-473] 
- Fixed LED indication of packet transmission over the 5 GHz radio interface while the 2.4 GHz Wi‑Fi network is disabled. [SYS-475] [Forum topic] 
- The Wireless ISP tile for 5 GHz connection on the Dashboard menu now links to the proper path, Wireless ISP > WISP 5GHz. [NWI-872] 
- Keenetic RMM service polls no longer produce - ndm: Hotspot::Account: data is absent for host "aa:bb:cc:dd:ee:ff"error messages for devices that have been offline since system restart. [NDM-2057]
- The Active connections section of the Diagnostics menu once again displays statistics. [NDM-2061] [Forum topic] 
KeeneticOS 3.8 Alpha 3
24/01/2022
New
- Implemented support for QMI-modems with dual-SIM slots: Use the following CLI command to select a SIM card slot. A compatible dual-SIM USB-to-M.2 adapter and QMI modem are required. [NDM-2015] - interface {name} sim slot ( 1 | 2 )— select active SIM slot for modem usage.
 
- Extended flexibility with a secure DNS setup: Resolve specified domain names via a preset secure DNS server with the following CLI commands for DoT (DNS over TLS) and DoH (DNS over HTTPS) options. [NDM-2040] [Forum topic] - dns-proxy tls upstream {address} [port] [sni {sni}] [spki {spki}] [on {interface}] [domain {domain}]
- dns-proxy https upstream {url} {json | dnsm} [spki {spki}] [on {interface}] [domain {domain}]
 
Fixed
- The CLI command for disabling ARP discovery - ip hotspot auto-scan no interface Homenow operates correctly when the corresponding Segment uses a wide IP subnet mask- 255.255.240.0. [NDM-1940]
KeeneticOS 3.8 Alpha 2
17/01/2022
New
- The 4G LTE Cat4 Huawei E5377Ts-32 USB mobile router is now supported. [NDM-2027] 
- A new configuration option for improved compatibility with legacy Wi-Fi clients: Control the TKIP countermeasures - hold-downtimer. If the Wi‑Fi Access Point with WPA-PSK + WPA2-PSK protection mode detects two- MIC errors in RXfailures within 60 seconds, it blocks all the wireless TKIP clients on that interface for the hold-down timer. Use this command to disable or tune this behaviour. [SYS-434]- interface {name} encryption tkip hold-down {hold-down}— set the- hold-downtimer in seconds (from 0 to 60). The default value is 60 sec.
 
- Support for USB modems with password-protected configuration API is now available. Use the following CLI commands for settings. [NDM-289]: - interface {name} web-api login {login}— set modem login;
- interface {name} web-api password {password}— set modem password.
 
- Added an option to assign a static IP address for the USB modem with configuration API. [NDM-1749]: - interface {name} web-api address {address}— set modem IP address WEB Interface used for the management.
 
- Added DDNS update status on the Domain name > DDNS configuration page. [NWI-818] 
Improved
- Improved Network ports tile of the System dashboard now links to System settings > Network ports for all operating modes of the Keenetic. [NWI-822] 
- System dashboard improvement: Use the Change link to modify the schedule of Wi‑Fi network availability when Wi-Fi is disabled. [NWI-840]  
Fixed
- Fixed a sporadically occurring situation when data transmitted from the wireless interface of Mesh Wi‑Fi System Controller to an Extender, for instance, DCHP protocol, is blocked after reconfiguring the network segment. [SYS-436] 
- The 5 GHz Wireless ISP (WISP) connection now operates correctly with the ZTE ZXHN F680 GPON-terminal. [SYS-424] 
- Fixed the APN settings display for the serial type ( - UsbModem[N]) modem interfaces in the Web Interface. [NWI-817]
- Fixed an error in accessing the device's Web Interface after a few days of operation, causing the following messages in the System log. [NDM-2046] - ndm: Http::Nginx: there are errors in config, reconfigure.
- ndm: Http::Manager: unable to update configuration, retry.
 
- Repaired the DHCP-client startup when the Keenetic is connected to the Internet as a Wi‑Fi client. [NDM-2028] 
- Fixed - ntce: unknown protocol.error message in the System log of the Traffic classification engine component triggered by IPv6/Teredo packets. [NDM-2044]
- The IPv6 section of the System dashboard menu now displays only the default IPv6 gateway for the corresponding interface. [NWI-823] [Forum topic] 
- Fixed an - Invalid username or passworderror displaying on the Web Interface Login page under certain conditions. [NWI-805] [Forum topic]
- Changed the colour of the SMS notification icon for mobile screens providing better visibility. Note that the SMS menu is available for connected QMI‑type modems only. [NWI-809] 
- Fixed hint layout and uptime label on dashboard tiles for mobile screens. [NWI-832] 
- Corrected Network access naming for VPN server settings. [NWI-838] [Forum topic] 
KeeneticOS 3.8 Alpha 1
23/12/2021
New
- New content filtering option: NextDNS service is available now as the KeeneticOS system component. Install the NextDNS component and register an account with the service before use. [NDM-1870]    - The following CLI commands are available to configure the NextDNS component: - nextdns check-availability;
- nextdns authenticate {login} {password} [{pin}]— please register with NextDNS before authentication;
- show nextdns profiles— look for the token associated with the filtering profile and apply it with the following command;
- nextdns assign ( ({host} {token}) | (interface {iface} {token}) | {token} );
- dns-proxy filter engine nextdns— to enable NextDNS.
 
- New configuration option for Traffic classification engine: Use the - no ntce memory-watcherCLI command to disable the memory "pressure watcher" mechanism enabled by default. [NDM-1995]
- More content filtering and ad blocking choices with outstanding flexibility: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS are now available at once with the redesigned Public DNS resolvers & custom DNS profiles option. Mix and match content filtering services with registered devices for complete control. Install the all-new Cloud-based Content Filtering and Ad Blocking system component of KeenetiсOS and give it a try. [NDM-1820, SYS-361, NWI-784]   - Warning- We suggest making a configuration backup before trying the new version of KeeneticOS 3.8. The new Cloud-based Content Filtering and Ad Blocking component settings are incompatible with previous versions of KeeneticOS. - When installing version 3.8, the existing settings of Yandex.DNS, AdGuard DNS, and Cloudflare DNS components automatically migrate to the new Cloud-based Content Filtering and Ad Blocking component. 
- Native support for more 4G modems: - Tip- To connect an LTE module to your Keenetic device, you can purchase a third-party USB adapter with a SIM card slot for the Mini PCI-E LTE module or M.2 LTE module. - MM200-1 4G LTE Cat4 USB-modem as branded by the mobile operator Tele2. [NDM-1990] 
 
- New control option for Mesh Wi‑Fi system: Reboot Wi-Fi system extenders from the controller using the new CLI command - mws member {member} reboot. [NDM-1946]
Improved
- More details for mobile connection: 3G DC-HSPA+ connection mode indication is now available for QMI-type modems. [NDM-1983] 
Fixed
- The inbound and outbound Speed limits of the custom Internet connection policy now operate accurately. [NDM-1889]   
- Fixed concurrent operation of the Speed limit for a Registered device and a custom Internet connection policy with speed limits. [NDM-1751]