KeeneticOS 3.8

What’s new?

New content filtering and ad-blocking options:
- Choose filtering profiles from popular public DNS resolvers: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS;
- Mix and match filtering profiles from different service providers to your devices in one setup;
- Add your custom DNS profiles and use them along with public DNS resolvers;
- Assign default filtering profiles to network segments;
- Try content filtering services from the NextDNS.

KeeneticOS 3.8.5

02/09/2022

Improved

Fixed

KeeneticOS 3.8.4

12/08/2022

Improved

Fixed

Renaming an Extender no longer causes unnecessary reconfiguration of the Wi-Fi System. [NWI-1188]
The empty Traffic Monitor page has been fixed. [NWI-1290]
The Enter button acts as the Next string action instead of the Save action during editing of the OpenVPN connection. [NWI-1286]
The legend captions for the Spectrum analyser and Wi-Fi monitor have been corrected. [NWI-1285]
Fixed the font size of the IPsec VPN input fields in the Safari browser. [NWI-1287]
Restored DNS over TLS (DoT) operation with custom Domain setting. [NDM-2286]

KeeneticOS 3.8.3

12/07/2022

Fixed

Corrected the Address pool size calculation for the DHCP server of the Segment settings. [NWI-1119]
Fixed the TLS domain name and Domain fields mixing up in DNS configuration settings under certain conditions. [NWI-1222]
Adding a custom DNS server no longer requires a double saving action in the Web Interface. [NWI-1223]
Restored the Speed limit saving for unregistered devices in the Device lists menu. [NWI-1239]
The message telling that the ISP is managing the Keenetic device appeared in the wrong context under certain conditions. [NWI-1246]
Keenetic mobile application no longer sends the alert about an empty administrator password after the initial setup. [SYS-583]

KeeneticOS 3.8.2

22/06/2022

Fixed

KeeneticOS 3.8.1

20/06/2022

Improved

Fixed

The Unregister action for the network host is now executed more carefully, with forced deletion of the Static IP setting. [NWI-1113]
The validator for the requested KeenDNS domain name now acts according to RFC 5890. The '-' symbol is prohibited at the KeenDNS domain's beginning and end. [NWI-1159]
Fixed the bug preventing Extender from re-establishing the wireless backhaul link after a Controller restart under certain conditions. [SYS-570]
After deactivation, the Wi-Fi network's Fast Transition (802.11r) feature remained advertised due to misconfiguration, leading to connection errors. [SYS-574]

KeeneticOS 3.8.0

10/06/2022

New

Fixed

Fixed the Hardware network accelerator toggle visibility depending on installed KeeneticOS system component. [NWI-1146]
Switching wireless networks on/off at the Home segment configuration page of a Keenetic device in Access point/Extender mode no longer leads to loss of device control for a while. [NDM-2178]
Fixed DoT (DNS over TLS) operation after reconnection of a PPPoE session. [NDM-2215]
The WPS enrollee mode is disabled on the Access Point, providing a correct wireless connection flow for specific devices. [SYS-540]
Fixed the reason for a sporadic VLAN ID is busy error message on the device in the Extender mode. [NDM-2252]

KeeneticOS 3.8 Beta 2

20/05/2022

New

Improved

Fixed

Fixed the misbehaviour of tabs across the Web Interface while changing orientation from portrait (vertical) to landscape (horizontal) and vice versa in mobile browsers. [NWI-1026]
Updated and unified toggle behaviour for the Application section. [NWI-1037]
The L2TP reception window is increased to 1024 packets to fine-tune performance. [NDM-2138]
Internet Checker probe requests are suppressed until consent to the Device Privacy Notice is given. [NDM-2201]
The Keenetic will not serve DNS requests when not in the Router mode. [NDM-2205]
Fixed erroneous Connection priority selector behaviour occurring under certain conditions. [NWI-1068]
KeeneticOS time synchronization via the NTP protocol is postponed until consent to the Device Privacy Notice is secured. [NDM-2217]
Restored Internet Checker behaviour to support default routes through a gateway in the local network using topologies with a non-Keenetic device as the primary router. [NDM-2220]
The Default content filtering profiles for multiple network segments now act correctly. [NDM-2230]
Fixed the reason for the fastvpn service operation causing the following messages fastvpn: len = 56, head = ... in the System log. [SYS-557]

KeeneticOS 3.8 Beta 1

21/04/2022

New

The new MAP-T option is available for tunnelling IPv4 protocol packets over an ISP's internal IPv6-only network according to the RFC7599. Please check whether your ISP supports this feature. [NDM-1824, NWI-906]
The new Conditional Wi-Fi broadcast option is available for the Mesh Wi-Fi System. When enabled, Wi-Fi System Extenders stop wireless network broadcasting when the Wi-Fi System Controller is inaccessible. [NWI-895]
The Internet connection policy now has the Adaptive Outbound Speed Limit option, currently available through the CLI only, as follows: [NDM-2109]
- ip policy rate-limit output ({rate} | auto)

New content filtering option: NextDNS service is available now as the KeeneticOS system component. Install the NextDNS component and register an account with the service before use. [NDM-1870]
The following CLI commands are available to configure the NextDNS component:
- nextdns check-availability;
- nextdns authenticate {login} {password} [{pin}] — please register with NextDNS before authentication;
- show nextdns profiles — look for the token associated with the filtering profile and apply it with the following command;
- nextdns assign ( ({host} {token}) | (interface {iface} {token}) | {token} );
- dns-proxy filter engine nextdns — to enable NextDNS.
New configuration option for Traffic classification engine: Use the no ntce memory-watcher CLI command to disable the memory "pressure watcher" mechanism enabled by default. [NDM-1995]
More content filtering and ad blocking choices with outstanding flexibility: AdGuard DNS, CleanBrowsing, Cloudflare DNS, Neustar UltraDNS Public, OpenDNS, Quad9, Yandex.DNS are now available at once with the redesigned Public DNS resolvers & custom DNS profiles option. Mix and match content filtering services with registered devices for complete control. Install the all-new Cloud-based Content Filtering and Ad Blocking system component of KeenetiсOS and give it a try. [NDM-1820, SYS-361, NWI-784]
Warning
We suggest making a configuration backup before trying the new version of KeeneticOS 3.8. The new Cloud-based Content Filtering and Ad Blocking component settings are incompatible with previous versions of KeeneticOS.
When installing version 3.8, the existing settings of AdGuard DNS, and Cloudflare DNS components automatically migrate to the new Cloud-based Content Filtering and Ad Blocking component.
New control option for Mesh Wi‑Fi system: Reboot Wi-Fi system extenders from the controller using the new CLI command mws member {member} reboot. [NDM-1946]

Improved

Added MTU control to IKEv2 VPN client configuration in the advanced settings section, providing better interoperability with certain VPN providers, for example, Surfshark VPN. [NWI-974]
Added a warning message while setting up a Port forwarding rule for the HTTPS or 443/TCP protocol. [NWI-977]
Increased the maximum PSK key size up to 196 characters for IPsec VPN and IPsec/L2TP connections, providing proper connection to corporate networks with firm security policies. [NDM-2128]
Added the display of the regional code next to the Model name field on the About the system tile. [NWI-1027]
Improved IPv4 availability criteria for MAP-T-enabled connections for the proper display on the Dashboard page. [NWI-1025]
Added links to the NextDNS account configurations on the Internet safety page, providing easy access to the NextDNS management portal. [NWI-1020]
Added support for two-factor authentication (2FA) for the NextDNS service on the Internet safety page. [NWI-1021]

The Mesh Wi-Fi System controller now configures multiple extenders simultaneously. This improvement dramatically reduces start-up times for the systems with many extenders. [NDM-2003]
The Captive portal option is now available for multiple network segments simultaneously. [NWI-916]
The Application traffic analyser now identifies different types of traffic within one application, for example, Video/Voice call or File transfer within the WhatsApp application. Based on this data, IntelliQoS can further enhance traffic priority. [NWI-951]
Added MAP-T connection information to the System dashboard. [NWI-960]

The user properties menu is now directly accessible from the Applications settings with user credentials. [NWI-893]
Updated the metadata file of the Web Interface to comply with the Progressive Web App (PWA) specification. [NWI-904]
Improved traffic classification through additional attribute parsing. [NDM-2021]
Changed the RTP (Real-time Transport Protocol) classification category to Voice over IP for the Cloud-based content filtering and ad blocking system component. [NDM-2110]
Enabled offloading of the Top — Traffic priority via the hardware PPE (Packet Processing Engine). [SYS-506]
We replaced Service Class with a Traffic Priority setting for registered devices and IntelliQoS. [NWI-939]

Added a cautionary note for the Negotiation mode selector in IKEv1 IPsec connection setup. [NWI-877]
Note
Use the Aggressive mode for compatibility purposes only as it introduces security risks. If this Keenetic device has the IPsec server (Virtual IP) or L2TP/IPsec VPN servers enabled, the IPsec VPN connections enforce the Main negotiation mode regardless of this setting.
Added an option to save KeeneticOS and configuration files before a manual system update. [NWI-871]
The controls of the User-defined routes section are moved to the top, providing easy management, with a long list of the routes. [NWI-862]

Fixed

UPnP port forwarding now works accurately with multiple Internet connections policies in place. [NDM-1382]
Fixed the WireGuard® outgoing packet loop when the underlying WAN link goes down. [NDM-852]
Moving registered devices between Internet Connection policies profiles won't break their work schedule(s) anymore. [NDM-1716]
DNS servers configured for WireGuard® connections now work accurately. [NDM-2122]
Fixed the configuration logic of the automatic default route for MAP-T. [NDM-2125]
Internet connection via IPv6 MAP-T now supports the 1:1 IPv4 sharing ratio option. [NDM-2127]

Fixed the selection of an optimal backhaul connection to the Mesh Wi-Fi System node based on Wi‑Fi RSSI and STP distance metrics. [SYS-486]
Fixed the invalid domain name error messages for the DHCP server with an enabled update-dns option upon receiving DHCP requests with special symbols in the hostname field. [NDM-2085]
Fixed invalid remote RADIUS server requests with WPA2 Enterprise network protection. [NDM-2081]
The menu list of the Web Interface now displays with full height on the mobile Safari® browser. [NWI-914]

KeeneticOS updates — Preview Channel

KeeneticOS 3.8

What’s new?

KeeneticOS 3.8.5

Improved

Fixed

KeeneticOS 3.8.4

Improved

Fixed

KeeneticOS 3.8.3

Fixed

KeeneticOS 3.8.2

Fixed

KeeneticOS 3.8.1

Improved

Fixed

KeeneticOS 3.8.0

New

Fixed

KeeneticOS 3.8 Beta 2

New

Improved

Fixed

KeeneticOS 3.8 Beta 1

New

Warning

Improved

Note

Fixed

Search results