KeeneticOS 4.3

What’s new?

Welcome to KeeneticOS version 4.3! We’re delighted to announce this latest release, featuring exciting new updates, improvements, and fixes. Special attention has been given to enhancing the Web Interface, ensuring a smoother experience, improved functionality, and easier navigation.

Web Interface improvements:
- Assign network segments to Ethernet ports for extenders.
  Easily manage your wired network segmentation with the new Port Assignment option on the Extender Settings page, directly from the Mesh Wi-Fi System nodes list. Now you can easily assign a specific network segment to your Extender's Ethernet port or disable it when not in use.
- Enhanced password management.
  The updated Password field on the User Accounts page now includes a built-in password strength indicator, automatic generation of secure passwords, and a handy button to quickly copy passwords to your clipboard.
- Improved dashboard information.
  The redesigned My Networks and Wi-Fi card on the System Dashboard provides clearer visibility and detailed statistics, helping you stay informed about your network status.
Security upgrade with advanced DDoS protection.
- Improved network security with automatic defence against connection table overflow attacks.
IPv6 enhancements (CLI).
- Configure dedicated DNS servers specifically for IPv6 subnets.
- IPv6 support for OpenConnect VPN client, including routing and addressing.
- Ability to bind IPv6 static routes to specific connection policies.
- Automatic NAT66 activation for global interface prefixes (/128).

We greatly appreciate your continued support and engagement. Your feedback helps us make Keenetic even better. For any questions, discussions, issue reporting, or contacting our development team, please visit our forum. Thank you for choosing Keenetic!

KeeneticOS 4.3.6

30/07/2025

Improved

Fixed

Resolved multiple translation issues in the Web Interface related to Extender Mode. [NWI-4281]
Fixed an issue that caused the error message socks5 client read auth to appear when using a Proxy connection with socks5 protocol under certain conditions. [NDM-3942]
Fixed various issues related to importing WireGuard configurations from a file, improving reliability and compatibility. [NDM-3943]
The PersistentKeepalive value is now automatically set to 15 seconds when importing a WireGuard configuration file that lacks this parameter, ensuring correct connection establishment. [NDM-3948]
Fixed the MAP-T handling of IPv6 UDP packets with a zero checksum by RFC 6935, improving compatibility with the IPsec protocol. [SYS-1404]

KeeneticOS 4.3.5

11/07/2025

Improved

Fixed

Fixed the usage of the authgroup parameter with the anyconnect protocol in OpenConnect VPN connections. [NDM-3918]
Fixed an issue where rekeying during an IKEv2 VPN connection initiated from a client to a server could cause the client to disconnect. [NDM-3922]
Resolved the binding of an IKEv2/IPsec VPN Server policy to a home network segment. [NDM-3925]
Addressed an issue that caused the ban remote host 127.0.0.1 message to appear in the System log when using the mobile application. [NDM-3926]
Fixed an issue with the DDNS service incorrectly reporting IPv6 update disabled despite the router having an IPv6 address. [NDM-3927]
Fixed an issue where importing WireGuard connection settings from a file with rearranged [Peer] and [Interface] blocks caused the system failed [0xcffd009e] error message to appear in the System log. [NDM-3930]

KeeneticOS 4.3.4

27/06/2025

Improved

Improved handling of routes without a specified outgoing interface. [NDM-3907]
The strict prevention of overlapping network configurations in the Allowed IPs field of the WireGuard peer settings has been replaced with a log notification. [NDM-3888]
Reduced the "ZeroTier0": install accepted route log message flow. [NDM-3903]
Removed excess debug messages from the log. [SYS-1384]
The following improvements have been applied to the Web Interface.
- Added ability to specify the 802.1p Priority Code Point (PCP) mapping to ISP VLANs on the Ethernet Cable Connections to Internet page for compatibility with certain ISPs. [NWI-3726]
- Enabled the display of customised page title prefix on System Dashboard and WebCLI pages. [NWI-4240]

Fixed

Fixed the issue for Windows clients connecting to WPA/WPA2/WPA3 Enterprise-secured networks with Allow WPS option enabled. [SYS-1361]
Fixed the issue with accessing VPN servers when connecting via the IPv6 protocol. [NDM-3886]
Fixed inbound IPv6 connections to the built-in SSH server. [NDM-3891]
The following fixes have been applied to the Web Interface.
- Fixed the appearance of row borders in tables. [NWI-4250]
- Fixed colour notations for the single client tabs on the Traffic Monitor page. [NWI-4243]
- Removed redundant notice on shared user account permissions on the IKEv2/IPsec VPN Server application page. [NWI-4245]
- Corrected the tooltip behaviour for the desktop and mobile versions of the Mesh Wi-Fi System tile on System Dashboard. [NWI-4275]
- Fixed the saving of the ICMP and TCP/UDP (all ports) and ICMP port forwarding rules. [NWI-4253]
- Returned table borders around drag and drop elements. [NWI-4299]

KeeneticOS 4.3.3

06/06/2025

New

Improved

The following improvements have been applied to the Web Interface.
- Restricted the total number of DNS servers across all connections to 64 for better stability. [NWI-3510]
Increased the maximum number of supported Object Groups to 128. [NDM-3862]
Enhanced the allow‑ips validator to prevent overlapping networks across multiple WireGuard peers, ensuring proper routing and peer isolation. [NDM-3868]
Removed unnecessary debug messages Proxy0: 0x7f9ba28be0 socks5 client res.rep from the System log when using Proxy Connections to improve log clarity. [NDM-3875]

Fixed

The following fixes have been applied to the Web Interface.
- Fixed the behavior of the Install updates popup on mobile devices. [NWI-4199]
Fixed clearing of static DNS servers after PPTP reconnections. [NDM-3833]
Corrected traffic accounting issues causing unintended disconnections for remote clients of the IKEv2/IPsec VPN Server. [NDM-3876]
Resolved issues during the simultaneous operation of IKEv1/IPsec VPN Server and Site-to-Site IPsec VPN connections under specific conditions. [NDM-3878]
Fixed an issue potentially causing system restarts under particular conditions when using the IKEv2/IPsec VPN Server. [NDM-3880]

KeeneticOS 4.3.2

22/05/2025

Improved

Fixed

Fixed an issue where disconnected Wi-Fi clients were incorrectly listed as active on the Clients page. [SYS-1337]
The following fixes have been applied to the Web Interface.
- Resolved a TypeError message appearing when selecting the Country of Operation. [NWI-4178]
- Fixed the schedule display issue occurring when schedules were created via command line without descriptions. [NWI-4187]
- Corrected an issue with accessing the Legal Information → Third-Party Software Notices and Information page. [NWI-4194]
- Fixed incorrect application of the Segment default policy under specific circumstances. [NWI-4196]
- Resolved a problem preventing the Wi-Fi Clients page from opening via the My Networks and Wi-Fi card on extender devices. [NWI-4197]
Restored proper handling of empty DNS Resolution Profiles to the behavior found in versions prior to 4.2. [NDM-3843]
Fixed network access issues for clients connected via the L2TP/IPsec VPN server within permitted network segments. [NDM-3715]

KeeneticOS 4.3.1

29/04/2025

New

Introduced the session-logout CLI command to terminate active VPN sessions across various servers (L2TP/IPsec, IKEv1/IPsec, IKEv2/IPsec, SSTP, PPTP, OpenConnect VPN ). [NDM-3788]
- crypto map l2tp-server session-logout {session} — Terminate {session} for L2TP/IPsec VPN server.
- crypto map virtual-ip session-logout {session} — Terminate {session} for IKEv1/IPsec VPN server and IKEv2/IPsec server.
- sstp-server session-logout {session} — Terminate {session} for SSTP VPN server.
- vpn-server session-logout {session} — Terminate {session} for PPTP VPN server.
- oc-server session-logout {session} — Terminate {session} for OpenConnect VPN server.

Improved

Fixed redundant exposure of device details in the Web Interface server, addressing vulnerabilities CVE-2024-4021 and CVE-2024-4022. [NDM-3783]
The following improvements have been applied to the Web Interface.
- Alphabetically sorted the client list in Connection Policies → Policy Bindings for better navigation. [NWI-4092]
- Automatically adds an https:// prefix when copying URIs if the camouflage option is active in OpenConnect VPN server settings. [NWI-4146]
Added random padding to TLS packets for enhanced connection stability on OpenConnect and SSTP protocols. [NDM-3791]

Fixed

Resolved incorrect assignment of the Segment default policy (conform) for automatically registered clients in the home network segment. [NDM-3810]
Fixed an issue with incorrect crypto map configuration in the L2TP/IPsec VPN server during upgrades from OS 4.2.x to 4.3.x. [NDM-3811]
Addressed an issue where duplicate static routes were incorrectly assigned across multiple Connection Policies. [NDM-3814]
Corrected CLI saving issue for the dyndns nobind configuration option. [NDM-3816]
Fixed issues for clients accessing the local network over the OpenConnect VPN server. [NDM-3820]
Resolved various bugs and Web Interface layout issues affecting different screen resolutions. [NWI-4168, NWI-4161, NWI-3901, NWI-4108, NWI-3922, NWI-4083, NWI-4085, NWI-4122, NWI-4125, NWI-4136, NWI-4134, NWI-4135, NWI-4139, NWI-4141, NWI-4130, NWI-4169, NWI-4080, NWI-4160, NWI-4151]

KeeneticOS 4.3.0

10/04/2025

New

Improved

Fixed

The following fixes have been applied to the Web Interface.
- Adjusted row heights in the Client Lists table to remove excess spacing. [NWI-4133]
- Corrected the appearance of the Read more button in knowledge base article lists. [NWI-4137]
- Fixed the colour of the separator line on the Network Ports card. [NWI-4145]
- Restored missing buttons in the confirmation popup dialogue within Fail Safe Configuration Mode. [NWI-4143]
- Improved text annotation spacing for better readability on mobile screens. [NWI-3872]
- Resolved selection issues with segments in the Traffic Monitor pie chart on mobile devices. [NWI-4079]
- Fixed a loading issue affecting the Applications page under certain conditions. [NWI-4104]
- Addressed several display issues on the Connection Policies page for mobile users. [NWI-4114]
- Corrected behaviour to retain the hidden state of the left-side navigation menu after closing and reopening the browser. [NWI-4120]
- Resolved visual and functional issues introduced by updated styling of control elements. [NWI-4140]
Resolved a client isolation issue that previously allowed multicast and broadcast traffic between isolated devices. [SYS-1329]

KeeneticOS 4.3 Beta 4

27/03/2025

Fixed

The following fixes have been applied to the Web Interface.
- Resolved an issue where it was previously possible to create a user account for OPKG and Applications without setting a password. [NWI-3700]
- Fixed tooltip display issues affecting longer lists within the Mesh Wi-Fi System interface card. [NWI-4062]
Resolved connectivity issues affecting devices using Intel® AC9260 and AC9560 Wi-Fi adapters when connected via WPA3-PSK security mode. [SYS-1325]
Corrected multicast forwarding to IPTV ports when Internet and IPTV services have different VLAN configurations. [NDM-3767]
Resolved an issue affecting the application of static custom routes to remote VPN client networks on the L2TP/IPsec VPN server. [NDM-3758]
Fixed an issue with applying Wi-Fi Channel width settings under specific conditions in the Wi-Fi settings interface. [NDM-3764]
Resolved an error causing the message system failed [0xcffd00bd] to appear in the System log when saving IntelliQoS filtering profiles using the command line interface (CLI). [NDM-3770]
Prevented the error message Json::Object: AppendMember: duplicate key: 'fqdn' from appearing in the System log when using FQDN object groups. [NDM-3762]

KeeneticOS 4.3 Beta 3

13/03/2024

Improved

Fixed

Resolved an issue causing Wi-Fi connection instability and incorrect Connected status displayed for certain wireless devices when the Target Wake Time feature was enabled. [SYS-1266]
The following fixes have been applied to the Web Interface.
- Fixed access to the Mesh Wi-Fi System page after adding a new extender. [NDM-3757]
- Fixed an issue where PPPoE authentication settings were unnecessarily reset after choosing Automatic (DHCP) as the Internet connection type. [NWI-4065]
- Fixed the problem preventing reactivation of the Ethernet port once it had been disabled from the System Settings page. [NWI-4066]
Addressed a port conflict issue between WireGuard and OpenVPN connections when creating VPN tunnels. [NDM-3732]
Corrected the User-Agent header content when using the "anyconnect" protocol with OpenConnect VPN connections. [NDM-3733]
- interface {name} openconnect protocol anyconnect — enable anyconnect support for OpenConnect interface {name}
Fixed an issue causing WireGuard VPN connections to lose Advanced Security Configuration (ASC) settings after reconfiguration or reconnection. [SYS-1320]
Resolved remote connection problems with SSTP VPN Server when Web Interface access from the Internet was disabled. [NDM-3747]
Eliminated the duplicate key: group error logged in the System log when using FQDN object groups. [NDM-3755]
Fixed the erroneous log entry detected 5 attributes, only 4 supported when using the Application Classification feature on the IntelliQoS page. [NDM-3756]

KeeneticOS 4.3 Beta 2

27/02/2025

New

Improved

The following improvements have been applied to the Web Interface.
- The Password field on the User Accounts page now includes additional security features: password strength assessment, automatic secure password generation, and a button to copy the password to the clipboard. [NWI-4030]
- The left-side navigation menu (hamburger button) has been redesigned for a more compact and organised submenu structure. [NWI-3839]
Proxy Connections now reset their traffic counters after a manual restart. [NDM-3724]
Updated the OpenSSL library to version 3.3.3, addressing the CVE-2024-12797 and CVE-2024-13176 vulnerabilities. [SYS-1306]

Fixed

The following fixes have been applied to the Web Interface.
- Removed unnecessary browser warnings about unsaved changes during a device OS update. [NWI-3944]
- Fixed an issue where the Wi-Fi toggle behaved incorrectly in the My Networks and Wi-Fi section of the System Dashboard. [NWI-4010]
- Improved tooltip readability in the Application Traffic Analyser table. [NWI-4020]
- Resolved a bug where an unnecessary unset password warning was displayed. [NWI-4033]
- Fixed an issue causing a scroll bar to appear while dragging connections to adjust priority in the Policy Configuration list. [NWI-4044]
- Addressed an issue where the Web Interface page would unexpectedly reload after a system update. [NWI-4047]
Fixed an issue with web cookie handling that caused the Core::Scgi::Tools: bad request: no session error during authentication in the Web Interface. [NDM-3713]
Restored missing static DNS records for KeenDNS subdomains when the ip http proxy dns-override setting is enabled. [NDM-3718]

KeeneticOS updates — Preview Channel

KeeneticOS 4.3

What’s new?

KeeneticOS 4.3.6

Improved

Fixed

KeeneticOS 4.3.5

Improved

Fixed

KeeneticOS 4.3.4

Improved

Fixed

KeeneticOS 4.3.3

New

Improved

Fixed

KeeneticOS 4.3.2

Improved

Fixed

KeeneticOS 4.3.1

New

Improved

Fixed

KeeneticOS 4.3.0

New

Improved

Fixed

KeeneticOS 4.3 Beta 4

Fixed

KeeneticOS 4.3 Beta 3

Improved

Fixed

KeeneticOS 4.3 Beta 2

New

Improved

Fixed

Search results