KeeneticOS 4.0
KeeneticOS 4.0.2
01/08/2023
Fixed
- Restored Fast transition (802.11r) operation for wireless roaming in additional segments such as the Guest segment ( - protected). [NDM-2774] [Forum topic]
- The Ping Check now works correctly when the Operator DNS is disabled and secure DNS over HTTPS (DoH) or DNS over TLS (DoT) is enabled. [NDM-2784] [Forum topic] 
- Fixed issue with adding the default ISP route when setting up a static IPv6 Internet connection. [NDM-2839] 
- Wireless connection with WPA3-PSK ( - SAE-H2Emethod) security no longer triggers a system reboot. [SYS-932]
- The cause of the - not found: interface security-levelerror message in the System log has been fixed when configuring the extender. [NDM-2868]
- The issue of unregistered devices originating from the Extender IP address in additional segments has been resolved. [NDM-2869] [Forum topic] 
KeeneticOS 4.0.1
19/07/2023
Improved
- Faster and more reliable operating system updates for Mesh Wi-Fi nodes. The structure of the Mesh Wi-Fi System and the connections between nodes now determine the order in which nodes are updated. [NDM-2816] 
- The Web interface now supports the Danish language. [SYS-907] 
Fixed
- The cause of the - port 0 is busyerror, which prevented the correct propagation of network segments, has been fixed. [NDM-2852]
- Network segmentation has been fixed to prevent Guest segment devices from accessing the settings of Extender nodes. [NDM-2744] 
- Fixed support for Microsoft Point-to-Point Encryption (MPPE) on L2TP/IPsec connections. [NDM-2859] 
KeeneticOS 4.0.0
07/07/2023
Improved
- The Yandex.DNS presets in the Internet Safety menu now support secure resolutions using DNS-over-HTTPS (DoH) protocol. [SYS-901] 
Fixed
- The name of the segment and other description fields are now protected against the XSS vulnerability in the Web interface. [NWI-2715] 
- Enabling the DNS transit requests feature correctly disables DNS packet interception. [NDM-2769] 
- Fixed an error that caused all WireGuard tunnels to disable when one of the tunnels was turned off. [NDM-2800] [Forum topic] 
- Fixed HTTP server configuration errors after changing the interface security level under certain conditions. [NDM-2832] 
- Fixed - GigabitEthernet1 is off-boarderror when deleting Wired connection via port 0 in the Web interface. [NDM-2651]
KeeneticOS 4.0 Beta 3
23/06/2023
New
- Implemented a new option to de-announce IPv6 prefixes for backup connections. [NDM-2805] 
Improved
- Added ICMPv6 support to - ipv6 staticrules, allowing pingv6 to local devices with IPv6 addresses. [NDM-2760]- ipv6 static (... | icmpv6) [interface] {mac}— enable- icmpv6protocol for specified- {mac}
 
Fixed
- The WireGuard connections no longer restart after NTP time synchronisation. [NDM-2773] [Forum topic] 
- Corrected traffic counting when multiple WAN connections are active. [SYS-880] [Forum topic] 
- Fixed Wi-Fi connection issue when switching channel width from 80 to 20 MHz. [SYS-893] 
KeeneticOS 4.0 Beta 2
09/06/2023
New
- There are no changes for Keenetic Speedster (KN-3010). 
Fixed
- It is now possible to add new extenders to the Wi-Fi system without an Internet connection. [NDM-2594] 
- Speed limits set for multiple registered devices no longer cause the system to spontaneously restart. [NDM-2730] 
- Corrected the display of the Network SSID tooltip for the Scan for networks results list on the Wi-Fi Monitor page. [NWI-2648] [Forum topic] 
- Fixed some minor visual issues with the Web interface layouts. [NWI-2675, NWI-2676] [Forum topic] 
- Fixed positioning of Web UI elements on the System Dashboard page when zooming in Safari iOS 16. [NWI-2626] 
- Fixed the GRE/IPsec connection issue when using IKEv2 and Cisco iOS/Nx-Os endpoints. [NDM-2789] 
KeeneticOS 4.0 Beta 1
26/05/2023
New
- There are no changes for Keenetic Speedster (KN-3010). 
KeeneticOS 4.0 Beta 0.3
20/05/2023
Fixed
- Fixed a reboot issue caused by counting traffic going through the Hardware network accelerator. [SYS-860] 
- Fixed the cause of wireless clients rejoining a Wi-Fi network with Fast transition (802.11r) disabled under certain conditions. [SYS-845] 
- Sorting in the Channels column on the Wi-Fi Monitor page now works correctly. [NWI-2603] [Forum topic] 
- Corrected the layout of the dialogue box of the Fail-safe function. [NWI-2635] [Forum topic] 
- Fixed incorrect local and remote IKEv2 proposal IDs when using GRE/IPsec tunnels. [NDM-2750] 
KeeneticOS 4.0 Beta 0.2
13/05/2023
New
- Implemented a new - ipformat option for the DCHP server in the command line interface (CLI): [NDM-2755]- ip dhcp pool {name} option {2..254} ip {address[,address]*}— set IP address- ipfor certain DCHP- optionnumber
 
KeeneticOS 4.0 Beta 0.1
06/05/2023
Fixed
- The - HEADmethod for- *.htmlresources has been restored in the web server response. [NDM-2748] [Forum topic]
- The misclassification of traffic from registered devices as traffic from unregistered devices in the traffic accounting has been corrected. [SYS-846] [Forum topic] 
KeeneticOS 4.0 Alpha 20
27/04/2023
Improved
- Implemented propagation of Network Time Protocol settings to extenders in the Wi-Fi System. [NDM-2508] 
Fixed
- The incompatibility of the Ping Check service with DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) name servers has been fixed. [NDM-2739] [Forum topic] 
- Fixed incorrect assignment of VLAN roles to ports in the Web Interface. [NWI-2593] 
KeeneticOS 4.0 Alpha 19
17/04/2023
Fixed
- The KeeneticOS API is re-enabled for the Keenetic mobile application. [SYS-838] [Forum topic] 
- The cause of the - unable to obtain addresseserror message in the System log has been fixed when using DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) filtering. [NDM-2735] [Forum topic]
- Fixed cause of - resource deadlock avoidederror message in System log coming from- Cloud agent service. [NDM-2736] [Forum topic]
KeeneticOS 4.0 Alpha 18
14/04/2023
New
- The new option to bind DNSv6 addresses is now available via the command line interface (CLI), as follows: - ipv6 name-server {address} [{domain} [on {interface}]]— bind DNSv6- {address}on specified- {interface};- for example: - ipv6 name-server 123::456 "" on UsbLte0
 
Improved
- The initial Ping Check state has been changed to a negative state to avoid using a non-working connection to access the Internet. Reduced initial Ping Check time. [NDM-1837] 
Fixed
- Disabled the use of name servers (DNS servers) on offline backup connections. [NDM-795] 
- The static route for the WireGuard® VPN remote peer is no longer removed after changes are made to the underlying connection of the WireGuard VPN tunnel. [NDM-2522] 
- The bandwidth control of the Connection policy now works as intended for IPsec IKEv2 client connections. [NDM-2537] 
- Fixed incorrect re-association logic when dealing with a roaming Wi-Fi client with PMKID. [SYS-810] 
- Asymmetric speed limiting now works correctly for registered devices when IntelliQoS is enabled. [SYS-836] 
KeeneticOS 4.0 Alpha 17
07/04/2023
Fixed
- The Wireless ISP connection now displays the password field correctly when connecting to a mixed - WPA1-PSK/WPA2-PSKwireless network. [NWI-1544] [Forum topic]
- The Other Devices category returns to the Traffic monitor page. [NWI-2541] 
- Fixed the Safari browser's non-editable Clients isolation checkbox. [NWI-2501] [Forum topic] 
- Fixed adding a route with - /32IP subnet or address mask on the OpenVPN interface. [NDM-2686]
- Fixed a phantom traffic display for unregistered devices. [NDM-2702] 
- The multipath policies now work correctly and do not use connections with negative Ping Check testing results. [NDM-2706] 
KeeneticOS 4.0 Alpha 16
31/03/2023
Improved
- The Firewall service now flushes corresponding sessions when firewall rules are enabled or disabled. [NDM-2690] 
- The maximum MTU size has been increased to - 1514bytes, providing PPPoE MTU =- 1500bytes over VLAN. [SYS-812]
Fixed
- There are no changes for Keenetic Speedster (KN-3010). 
KeeneticOS 4.0 Alpha 15
24/03/2023
Improved
- The - ip aliasconfiguration no longer affects the NAT translation for the primary PPPoE connection. [SYS-806]
KeeneticOS 4.0 Alpha 14
17/03/2023
New
- The Web Interface's new custom HTTPS server port allows you to free up a standard - TCP/443port and forward it to any device on your local network. [NDM-2670]- ip http ssl port {port}— assign a different- {port}for HTTPS server of the Web Interface
 
- Added new optional - usernameand- passwordparameters to the- chilli login {mac}command of the Captive portal system component: [NDM-2679]- interface Chilli0 chilli login {mac} [username {username} password {password}]— make manual authorization with specified- {username}and- {password}
 
Improved
- Added a - robots.txtfile to the Web Interface server to prevent indexing by search engines. [NDM-2673]
Fixed
- Custom DNS resolution profiles are now correctly applied to Segments and registered devices. [NWI-1547] [Forum topic] 
- Prevented IPsec configuration failure using a cryptographic key - crypto ike keywith an unsupported length greater than 72 characters. [NDM-2562]
- Increased the packet queue length of the Captive portal system component to prevent packets from being dropped due to system log congestion errors under heavy load. [NDM-2572] 
- Reconnection of a wireless client to the access point with WPA3-PSK protection works correctly after accidental disconnection. [SYS-797] 
KeeneticOS 4.0 Alpha 13
10/03/2023
New
- The setting for the new On-demand type of Internet connection is available from the Command Line Interface (CLI). The On-demand type of connection is automatically disconnected if a higher priority Internet connection is running. [NDM-2643] - interface {name} standby enable— switch connection type to On-demand for specified interface- {name}
 
- The new Captive Portal option is available for manual authorization of hotspot hosts in the command line interface (CLI): [NDM-2417] - interface Chilli0 chilli login {mac}— make manual authorization for specified- {mac}
 
Fixed
- Corrected Partial data tooltip content display in Safari and Firefox browsers. [NWI-1527] [Forum topic] 
- The OpenVPN connection configuration parser handles the - <auth-user-pass>inline password section correctly. [NDM-2640]
- The cause of the - lock precedence violationerror message in the System log that caused slow Web Interface responses has been fixed. [NDM-2663] [Forum topic]
- The parsing of the security parameters during a - site-surveyaction now operates correctly for an Access Point (AP) that announces WPA2 and Fast Transition (FT). [SYS-796]
KeeneticOS 4.0 Alpha 12
07/03/2023
Improved
- There are no changes for Keenetic Speedster (KN-3010). 
Fixed
- The Select Your Country or Region pop-up displays correctly in desktop and mobile Safari browsers. [NWI-1541] [Forum topic] 
- Fixed the BSS ranking algorithm for the - WifiStationand Mesh Wi-Fi System backhaul connection. [SYS-782]
- The start up of the DHCP client now works correctly on extenders that are connected via wireless backhaul. [NDM-2655] [Forum topic] 
- OpenVPN interface state detection has been restored; this was causing the VPN connection to fail. [NDM-2661] [Forum topic] 
- Fixed a bug introduced in 4.0 Alpha 11 that prevented the Keenetic mobile application agent from starting correctly in KeeneticOS. [SYS-793] 
- Fixed DNS settings incorrectly removed on IKEv1/IPsec and IKEv2/IPsec VPN servers. [NDM-2662] 
KeeneticOS 4.0 Alpha 11
03/03/2023
New
- The Country and Time Zone Confirmation popup will appear when you enter the Web Interface. This confirmation is needed to improve communication with the Keenetic Cloud, time synchronization servers, proper Wi-Fi network announcement, and legal consent. [NWI-1437] 
- In accordance with the requirements of the Federal Law of the Russian Federation No. 152, the Device Privacy Notice will be displayed for your review when you confirm that your country of operation is the Russian Federation. 
- The new 464clat (RFC6877) option has been implemented for the IPv6 transition mechanism. [NDM-2121] 
- The EAEU regional code replaces the former RU code. [NDM-2396] 
- The SNMP server system component now supports IPv6 protocol operation. [NDM-2653] 
Improved
- The SkyDNS IP addresses have been added to the static DNS cache on KeeneticOS to provide a faster connection to the SkyDNS service. [NDM-2497] 
Fixed
- SNMP response now comes from the correct source IP address when accessing via a VPN connection. [NDM-2082] 
- The default route is now correctly assigned for HTTP/HTTPS/SOCKS5 proxy interfaces. [NDM-2366] 
- The Fast Transition (802.11r) option is displayed correctly after changing the network name (SSID) for one of the Wi-Fi bands. [NWI-1508] 
- The Clients tooltip now displays Wi-Fi device names on the Extender's Wi-Fi monitor page. [NWI-1528] [Forum topic] 
- The cause of the - group address 224.0.1.187 is not equal destination addresserror message in the System log has been fixed. [SYS-775]
- The Hardware Network Accelerator operation is restored for the IPv6 protocol. [SYS-779] [Forum topic] 
KeeneticOS 4.0 Alpha 10
20/02/2023
Improved
- The username of the KeeneticOS account now allows the dot ' - .' character. [NWI-1523]
Fixed
- The Phase 1 Rekey time display is corrected in the Web Interface for Site-to-site IPsec VPN connections after changes in system statistics. [NWI-1518] 
KeeneticOS 4.0 Alpha 9
18/02/2023
New
- There are no changes for Keenetic Speedster (KN-3010). 
Improved
- There are no changes for Keenetic Speedster (KN-3010). 
Fixed
- The RADIUS settings propagate correctly from the Controller to all Extenders of the Wi-Fi System. [NDM-2243] 
- IPv4 connectivity restored via an IPv6 MAP-T Internet connection. [NDM-2613] 
- Fixed - connectedstate for HTTP/HTTPS/SOCKSv5 proxy interfaces. [NDM-2627]
KeeneticOS 4.0 Alpha 8
11/02/2023
New
- The Application traffic analyser now supports traffic classification for the ICMP protocol. [SYS-760] 
Improved
- The OpenSSL library is updated to the latest version, - 3.0.8, which fixes the following list of vulnerabilities: [SYS-759]
Fixed
- The Ping Check > Automatic profile operation has been fixed. [NDM-2608] 
- The check box to Enable the SNTP service for local devices is available with a custom configuration of NTP servers. [NWI-1505] 
KeeneticOS 4.0 Alpha 7
07/02/2023
Fixed
- The DHCP renewal process no longer restarts L2TP/PPTP/IPoE Internet connections. [NDM-2590] [Forum topic] 
- Status detection of the interface with a static IPv6 address works as intended. [NDM-2591] 
- Disconnecting the underlying interface for WireGuard® VPN no longer causes traffic flooding. [NDM-2593] [Forum topic] 
KeeneticOS 4.0 Alpha 6
03/02/2023
New
- There are no changes for Keenetic Speedster (KN-3010). 
Improved
- The - ipv6 firewallCLI command has been deprecated and removed. [NDM-1731]
- The network interface status tracking mechanism in KeeneticOS has been redesigned to provide better IPv6 protocol support and faster Web Interface response. [NDM-2415] - Warning- Different types of Internet connections and related functions may be affected. Please make a backup of your firmware image and startup configuration before updating. 
Fixed
- The PPPoE connection now works as intended with IPv6-only connections. [NDM-2585] 
- Disabled PAT (Port Address Translation) for locally generated traffic. This was particularly disruptive to MAP-T and DS-Lite Internet connections. [NDM-2587] [Forum topic] 
- System halt has been fixed when connecting to the cloud service under certain conditions. [NDM-2516] 
KeeneticOS 4.0 Alpha 5
27/01/2023
Improved
- The new WAN IPv6 address assignment option has been implemented in accordance with the RFC6204 (WAA-8) standard. [NDM-2549] 
Fixed
- The cause of the - ndnproxy:out of socket file descriptorserror message in the System log was fixed. It occurs under heavy loading of the- DNS proxyservice. [SYS-727]
- The enabled DNS request transit option now operates as expected for unregistered hosts. [NDM-2547] 
- Fixed - watchdog timer interrupt on CPU0system reboot when using the Traffic shaper system component. [SYS-397]
- The default route via the IPoE interface is now automatically restored after the PPP (PPPoE, L2TP, PPTP) interface is deleted. [NDM-2575] 
KeeneticOS 4.0 Alpha 4
20/01/2023
Improved
- KeeneticOS now allows you to assign - 512hosts with Static IP settings on the Device lists page for registered devices. [NDM-2501]
- Increased KeenDNS service web application records from - 160to- 256. [NDM-2519]
Fixed
- The - DNS proxyservice now handles TCP chunks correctly, resulting in better service stability. [SYS-726]
- Fixed - connectedstate for interfaces with a statically configured IP address. [NDM-2551]
- Phase 1 Rekey time is now displayed correctly for site-to-site IPsec VPN connections. [NDM-2554] 
- Fixed the reason for spontaneous disconnection of remote connections to L2TP/IPsec VPN server. [NDM-2555] 
- The Traffic monitor page now displays the correct average speed for 3 minutes. [NDM-2556] 
- Corrected the "transmitted bytes" statistic in the host traffic monitor legend. [NDM-2560] 
KeeneticOS 4.0 Alpha 3
12/01/2023
New
- The new deSEC (desec.io) service is available for the Dynamic DNS (DDNS) client system component. [NDM-2540] 
- A new CLI command allows the deactivation of an internal - storm-controlfeature for a specific interface:- interface {name} storm-control disable— disable storm-control on- {name}interface
 
Fixed
- Ethernet ports are now operating correctly after re-enabling of the previously disabled ports. [NDM-2529] [Forum topic] 
- Connection priority change no longer modifies the interface state. [NDM-2526] [Forum topic] 
- The - ip6 prefix autosetting no longer disappears from the running configuration. [NDM-2528] [Forum topic]
- The - ICMPand- GREprotocols are now available for the new IPsec traffic selectors with multiple subnets. [NDM-2534] [Forum topic]
- The use of WireGuard® tunnels as the default route with the IPv6 protocol is now fixed. [NDM-2535] 
- Restored the working of IPv6 in IPv4 tunnels after switching to new routing table logic. [NDM-2544] [Forum topic] 
- The - interface ipv6 force-defaultCLI command has been brought back into support for backward compatibility. [NDM-2545] [Forum topic]
KeeneticOS 4.0 Alpha 2
30/12/2022
Fixed
- The Fail-safe configuration mode no longer causes an unnecessary reboot. The timeout is set to three minutes. [NWI-1496] 
- The Provider name description now displays correctly on the Dashboard and Connection priorities pages. [NWI-1495] [Forum topic] 
- The cause of the - not found: show/ip6/routeserror messages in the System log was fixed. [NWI-1497] [Forum topic]
- Restored PPPoE interface management when it changes up or down state. [NDM-2523] [Forum topic] 
- The SSTP VPN server now supports legacy - TLSv1/SHA1algorithms for correct SSTP connection with particular Windows 7 clients. [NDM-2525] [Forum topic]
KeeneticOS 4.0 Alpha 1
27/12/2022
New
- The new IPv6 Prefix Delegation option has been implemented for subnetting. [NDM-1976] - Use the following CLI commands to set: - ipv6 subnet {name} prefix length {length}— set subnet prefix length
- ipv6 subnet {name} prefix delegate {delegate}— set delegated prefix length (must be shorter than prefix length)
 - A typical configuration Prefix Delegation for a Home segment looks like follows: - ipv6 subnet Default bind Home mode dhcp prefix length 63 prefix delegate 64 number 0
- The new multiple subnets option is available for Site-to-site IPsec VPN connections in Phase 2, providing network connectivity between several subnets over a VPN tunnel. [NDM-313] - Use the following CLI commands to set: - object-group ip {name}— create a new object group- include (ip | tcp | udp | tcpudp | icmp) {address} [{port} [{end-port}]]
- exclude (ip | tcp | udp | tcpudp | icmp) {address} [{port} [{end-port}]]
 
- crypto map {name} traffic-selectors {local} {remote}— assign local/remote object groups as Phase 2 selectors
 
- The new Add local subnet and Add remote subnet options are available for Site-to-site IPsec VPN connections on the Internet > Other connections page.  
- Implemented host traffic accounting for IPv6 protocol, providing correct calculation for the incoming/outgoing data of your home devices. [SYS-648] 
- The Application traffic analyser now supports traffic classification for the IPv6 protocol. [SYS-652] 
- The Traffic shaper system component now supports operation with the IPv6 protocol, providing correct traffic limitation for data flows of IPv4/IPv6 together. [SYS-658] 
- The Web Interface receives core support for IPv6 connections. [NDM-2448] 
- The OpenVPN client and server system component now supports the IPv6 protocol for VPN connection. [NDM-2451] 
- The Wireguard VPN component now internally supports the IPv6 protocol for VPN connection. [NDM-2452] 
- Implemented support for 802.1Q tagged VLAN traffic over - AccessPointand- WifiStation(Wireless ISP) interfaces. [SYS-682]
- The new HTTP/HTTPS URI mode of the Ping Check allows you to specify the host address to check using a URI (Uniform Resource Identifier). [NDM-2490] [Forum topic] - Use the following CLI commands to set: - ping-check profile {name} mode (icmp | connect | tls | uri)— enable URI checking for Ping Check profile- {name}
- ping-check profile {name} uri {uri}— set URI
 
- Connection policy now operates with the IPv6 protocol. [NDM-2515] 
Improved
Fixed
- DNS IPv6 responses now sent from the correct and expected port 53. [NDM-2439]