KeeneticOS updates — Preview Channel

Further improvements to the Mesh Wi-Fi System allow an Extender’s built-in 4G/3G modem to be used as the primary or a backup Internet connection. When a compatible Extender is detected, the Controller automatically creates a dedicated MwsMobile interface and manages the connection like any other, including its use in Connection Policies. SMS and USSD modem options are available directly in the Extender’s Web Interface, which can be opened via a link on the Controller’s Wi-Fi System page. [NDM-4027]

The Port Forwarding page now supports IPv6 Pinholing, letting you open TCP and UDP ports to provide external access from the Internet to devices on your home network that use IPv6 addresses. [NWI-4213]

Added support for the Virtual Router Redundancy Protocol (VRRP) v2 and v3, configurable via the command line interface (CLI). This enables redundant routing across multiple routers. To use it, install the VRRP support system component. [SYS-1443]

The new DNS-Based Routes tab on the Static Routes page allows creating custom routing rules via a specified connection or gateway for user-defined lists of domain names and IP addresses. [NWI-4186]

The Diagnostics page now includes an iPerf utility in the Network Connection Test section, enabling bandwidth and performance testing directly from the web interface. To use it, install the iPerf3 system component on your device. [NWI-4371]

New USB modems are now supported, including:

Implemented Origin header enforcement for the KeenDNS Web application proxies. [NDM-3988]

The Internet Safety page now features an Application Filter tab with controls to block traffic from specific applications and categories for individual clients or entire network segments. To use this feature, you must install the Traffic classification engine system component and enable the Application Classification option on the IntelliQoS page. [NWI-4232]

The new WireGuard VPN Server application makes it easier to set up various remote connection scenarios. It enables quick installation on client devices, providing secure access to any part of your network. [NWI-4206]

Implemented UPnP IGDv2 PCP support for the IPv6 protocol. [NDM-3859]

Added a new Manager user role featuring limited administrative rights for ISP deployment scenarios. [NDM-3945]

The iperf3 system component now includes server mode functionality, enabling users to test the bandwidth between nodes on their home network. However, test speeds may be limited by the performance of certain device models. [NDM-3786]

Implemented a virtual Dummy network interface for ISP-managed routing applications, simulations, testing, and other uses. [NDM-3958]

The new Duny service is now available for the Dynamic DNS (DDNS) client system component. [NDM-3959]

Introduced a new routing option based on FQDN object-groups, enabling more precise and flexible control over traffic directed to specific domain names. [NDM-3946]

The new iperf3 system component has been implemented, enabling the measurement of bandwidth of a specified network connection via the command line interface (CLI). However, test speeds may be constrained by the performance of specific router models. [NDM-3785]

Example command: tools iperf3 ping.online.net port 5202 time 10

Support for the Local Profile Assistant (LPA) and embedded Subscriber Identification Module (eSIM) has been added to the UsbLte and UsbQmi modem interfaces via the command line (CLI). The eSIM chip can be built into the 5G/4G modem or accessed via an external eSIM adapter. [NDM-3850]

Added an option to support the nc (Juniper®) protocol in the OpenConnect VPN client, which is selectable via the command line interface (CLI). [NDM-3908]

Implemented the DD-WRT-compatible obfuscation key usage for WireGuard connections via the command line interface (CLI). [NDM-3883]

Implemented support for specifying a domain name (FQDN) in the IKEv2/IPsec VPN Server certificate via the command-line interface (CLI). [NDM-3884]

We are broadening our endorsement programme for Internet Operators by introducing support for the TR‑098 data model under the CPE WAN Management Protocol (CWMP). The feature is available on request. Contact our support (destek@keenetic.com.tr) for further details. [NDM-3870]

Implemented CLI commands to configure static IPv6 address and port translation rules, enhancing IPv6 NAT management via the command line. See the Command Reference Guide for full syntax. [NDM-3819]

Implemented detection and integration of OpkgTun and OpkgTap interfaces created within the OPKG environment, enabling their use in Connection Policies and static routes. [NDM-3846]

Improved the DNS Configuration tab on the Internet Safety page to provide a more convenient layout on mobile devices. [NWI-4375]

Added support for specifying IP sub-networks with the object-group fqdn exclude CLI command. [NDM-4013]

Command example: object-group fqdn TEST exclude ::/0

Added the Average speed information to the Traffic Monitor page. [NWI-4212]

Added the date and time to the filenames of downloaded firmware and startup-config configuration files. [NDM-3999]

Added an option to exclude sub-domain names for Object Groups via the command line interface (CLI). [NDM-4001]

The following improvements have been applied to the Web Interface.

The client part of the iperf3 system component has been extended to support the reverse and streams arguments, enabling download bandwidth testing and the use of parallel network streams. [NDM-3963]

Example command: tools iperf3 ping.online.net reverse port 5202 streams 2 time 5.

Moved the acq, apn, and wwan-force-connected command-line configuration commands from the usb sub-tree to the mobile sub-tree; see details below. [NDM-3950]

Implemented user:password@ authentication credentials support for URLs in the opkg disk CLI command. [NDM-3960]

Improved the loading speed of dialogue popups on the Client Lists page when the Knowledge Base article links cannot be obtained or unavailable. [NWI-4326]

An interface selection option has been added when exporting user-defined routes to a .bat file, enabling customised route export per interface. [NWI-4288]

The IPv6 system component was removed, as IPv6 functionality has been integrated into the base OS. [NDM-3935]

Implemented batch removal of User-Defined Routes per interface through the command line (CLI), allowing the destination arguments {network} {mask} | {host} to be optional. [NDM-3911]

Example command: no ip route ISP — Deletes all IPv4 static routes from the ISP interface.

The following improvements have been applied to the Web Interface.

Implemented support for configuring the WireGuard Peer obfuscation key in WireGuard connections via the command line interface (CLI). [NDM-3917]

Enabled mDNS announcements for the Web Interface (HTTP) service, making it discoverable in the Home segment. [NDM-3919]

Improved static route import/export by adding support for comments or remarks in Windows® batch files; lines ending with :: rem and & rem are now correctly identified as comments and preserved during import/export. [NDM-3889]

Routes example:

route add 5.5.5.0 mask 255.255.255.0 0.0.0.0 :: rem route-to-5-network

route add 4.4.4.4 mask 255.255.255.255 0.0.0.0 & rem route-to-4-net

Enabled automatic mounting of the /lib/system-modules directory within the OPKG environment, so additional kernel modules become accessible immediately. [NDM-3693]

Implemented the capability to include a UsbQmi connection in BridgeX configurations, allowing cellular links to join network bridges. [NDM-3707]

Removed the obsolete cifs master command from the system’s SMB file and printer sharing component. [NDM-3827]

Fixed an issue where the identity-local parameter was reset when reconfiguring the IPsec VPN Server. [NDM-4036]

The OS Kernel has been patched to resolve the following CVE security vulnerabilities:

Fixed an issue where the SSH server was not accessible from the Internet over IPv6 in certain conditions. [NDM-4010]

The following fixes have been applied to the Web Interface.

The following fixes have been applied to the Web Interface.

Fixed an issue where the OpenConnect client failed to establish a connection with the system failed [0xcffd0085] error caused by IPv6 DNS usage. [NDM-3962]

The following fixes have been applied to the Web Interface.

Fixed an issue where user-defined static DNS records (ip host) lost priority over dynamically obtained records after the device restarted. [NDM-3947]

Fixed the address resolution issue that occurred during dynamic reconfiguration in OpenConnect, Proxy, and ZeroTier VPN connections when the server address is specified as an URL. [NDM-3951]

Fixed the incorrect behaviour of the DDNS service when using IPv4 and IPv6 addressing simultaneously or relying solely on the IPv6 protocol. [NDM-3952]

Fixed the incorrect saving of the no system log reduction CLI command to the running configuration. [NDM-3953]

Resolved an issue where clients of IKEv1/IPsec VPN and IKEv2/IPsec VPN servers did not receive static routes correctly. [NDM-3954]

Fixed an issue that caused WifiStationX interfaces to incorrectly reset their MAC address to the default state. [NDM-3906]

Fixed the forwarding of negative DNS responses from the DNS proxy bound to 127.0.0.1, ensuring that local clients now receive these responses correctly. [SYS-1382]

Fixed an issue in which a UsbLte modem connection failed to restart when Ping Check was enabled in certain scenarios. [NDM-3848]