All Activity

Good morning. I don't think you understand me. I don't access SMB from the Internet, I access it from LAN, but for Keenetic, my LAN is its ‘Internet’. There are only two home routers with advanced firewalls: Synology and Kennetic. With Synology, everything I'm saying can be done with two clicks. Within the LAN network, we want to have several wireless networks, each of which can access a different network resource: some Wi-Fi networks only access the Internet, others access devices on the PFSENSE-SWITCH LAN, etc. We simply need the Keenetic OS firewall to WORK! That's why I want to access SMB from the Internet (LAN). Let me put it another way: I have a pfsense router... connected to a switch... and the Keenetic is also connected to this switch, along with other NAS devices, computers, printers, etc... A 2TB USB drive with folders is connected to the Keenetic. There are four wireless network segments created on the Keenetic: Office, Workshop, Administration, and Management. Each one can access a folder and part of the main network resources (the network where PFSENSE, Switch, and Keenetic WAN are located). We can specify who can access what and where. When I want to access the SMB folders from my computer (within the PFSENSE-SWITCH-KEENETIC-WISEPDS PC network), since I cannot do so from the WAN (which is my LAN), I should then connect to the Wi-Fi of any of the segments to be able to see the folders, whereas if I have WAN access, I can access all of them (with the necessary permission, of course). What I'm saying is that you should let the FIREWALL take control. If I say that it can be accessed from the WAN with the subnet 192.168.3.0/24, then it should be possible. My firewall... my rules. It's also very annoying that only with Keenetic's DDNS can you access the router via HTTPS, and you can't import my certificate or have a self-signed one. I like Keenetic, but it has a lot of room for improvement, and here are two clear examples. It's up to you whether you take my advice or not. Thanks for response Best regards Manuel.

Hello, I thought of a feature for experienced users. It is a process I often use in SFP GPON modules. It can be seen in Openwrt or Linux-based operating systems. I would like to see the ability to manually change partitions in KeeneticOS as well. One partition could hold the stable version, while the other partition could hold the developer version of KeeneticOS. Similarly, when updating from the developer version to the stable version during an update, the update should be written to the other partition. Instead of writing the new version to the other partition and performing the version update procedure each time, it would be a good idea to change the partition using a command line or a button in the interface. Example application: nv getenv sw_commit If sw_commit returns 0 sw_commit=0 nv setenv sw_commit 1 nv setenv sw_active 1 reboot - nv getenv sw_commit If sw_commit returns 1 sw_commit=1 nv setenv sw_commit 0 nv setenv sw_active 0 reboot If you want to manage this, you can also set up one partition to always have the stable version and the other partition to always have the developer version. Just switch to the other partition first when you want to update a specific software.

Did you delete simple dns when DOH/DOT entries are enabled?

Hello. I see issues with my hdd on Keenetic Titan KN-1811 (os version 4.3.6), hdd is WD My Passport 2626 1034 Only EFI is visible, nothing else On version 4.2.6 everything is working fine. Logs: Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Very big device. Trying to use READ CAPACITY(16). Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] 9767475200 512-byte logical blocks: (5.00 TB/4.55 TiB) Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] 4096-byte physical blocks Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Write Protect is off Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Mode Sense: 47 00 10 08 Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] No Caching mode page found Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Assuming drive cache: write through Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Very big device. Trying to use READ CAPACITY(16). Авг 13 08:01:54 kernel sda: sda1 sda2 sda3 Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Very big device. Trying to use READ CAPACITY(16). Авг 13 08:01:54 kernel sd 0:0:0:0: [sda] Attached SCSI disk Авг 13 08:01:54 ndm Storage::Manager: "Media0": enabled a disk spin down. Авг 13 08:01:54 ndm Storage::Manager: "Media0": enabled TRIM support. Авг 13 08:01:54 ndm Core::System::DriverManager: loading /lib/modules/4.9-ndm-5/nf_conntrack_ftp.ko. Авг 13 08:01:54 ndm Core::System::DriverManager: loading /lib/modules/4.9-ndm-5/nf_nat_ftp.ko. Авг 13 08:01:54 ndm Storage::Manager: created "Media0", port 1. Авг 13 08:01:54 ndm Storage::Partition: vfat "67E3-17ED:": filesystem initialized. Авг 13 08:01:54 kernel tfat: fail_safe is enabled Авг 13 08:01:54 kernel tfat: cluster_heap_lbo 0x317c00 Авг 13 08:01:54 kernel tfat: 9 blkbits for normal inodes Авг 13 08:01:54 kernel tfat: fat start lbo 0x4000 Авг 13 08:01:54 kernel tfat: 9 blkbits for main FAT32 inode Авг 13 08:01:54 kernel tfat: cluster size 512 Авг 13 08:01:55 ndm Core::Server: started Session /var/run/ndm.core.socket. Авг 13 08:01:55 upnp HTTP listening on port 1900 Авг 13 08:01:55 upnp Listening for NAT-PMP/PCP traffic on port 5351 Авг 13 08:01:55 kernel tfat info: FAT32 volume name 'EFI', version 0.0. Авг 13 08:01:55 ndm Storage::Manager: "Media0": registered partition "67E3-17ED:". Авг 13 08:01:55 kernel thfsplus: unable to parse mount options Авг 13 08:01:55 ndm Storage::Partition: hfsplus "64043940-5674-3e73-8904-6f56f3b2eed4:": filesystem initialized. Авг 13 08:01:55 ndm Core::FileSystem::Native: failed to mount "/tmp/mnt/64043940-5674-3e73-8904-6f56f3b2eed4": invalid argument. Авг 13 08:01:55 ndm Storage::Partition: failed to mount. Авг 13 08:01:55 ndm Storage::Partition: hfsplus "64043940-5674-3e73-8904-6f56f3b2eed4:": unable to mount. Авг 13 08:01:55 ndm Storage::Manager: "Media0": failed to register partition "64043940-5674-3e73-8904-6f56f3b2eed4:". Авг 13 08:01:55 ndm Storage::Partition: "/dev/sda3" has an unknown partition type, ignored. Авг 13 08:01:55 kernel sd 0:0:0:0: [sda] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08 Авг 13 08:01:55 kernel sd 0:0:0:0: [sda] tag#0 Sense Key : 0x5 [current] Авг 13 08:01:55 kernel sd 0:0:0:0: [sda] tag#0 ASC=0x20 ASCQ=0x0 Авг 13 08:01:55 kernel sd 0:0:0:0: [sda] tag#0 CDB: opcode=0x93 93 08 00 00 00 00 00 00 20 e7 00 00 00 01 00 00 Авг 13 08:01:55 kernel blk_update_request: critical target error, dev sda, sector 8423

Same problem! Reset & downgrade firmware doesn’t help! also, adding extender doesn't work through the netcraze app!

Provider gives IPv6 config with the following parameters: IPv6 address 2a01:XXXX:XXXX::3 IPv6 prefix 2a01:XXXX:XXXX:3::/64 IPv6 gateway 2a01:XXXX:XXXX::1 i configured this as shown. Now My home clients get addresses from 2a01:XXXX:XXXX:3::/64 and i can ping router address 2a01:XXXX:XXXX::3. But the Gateway address 2a01:XXXX:XXXX::1 is not accessible. So is the ipv6 Internet. ip -6 nei show dev eth3 shows gateway as REACHABLE, but no icmp6 echo replies are received from it. What i see - there are different MAC addresses of IPv4 and IPv6 gateways. But it looks normal. For the Keenetic giga kn-1012 shouldn't there be any specific policy to allow IPv6 at least run between router and gateway? I'm fighting with provider for almost a month. Router has Entware installed and running. So i can check the interfaces, MACs, neighbors. Provider recommends connecting my laptop directly to check, but what the heck for? Router is working fine.

Hi everyone, I ran into a strange issue on my Keenetic router and wanted to share it here in case others have experienced the same. When I use regular DNS (ISP DNS, Google, Cloudflare, etc.), PPPoE connects just fine. But as soon as I enable DoH/DoT, the PPPoE session starts always showing "Authentication failed". In addition, the connection problem occurs when restarting the PPPoE service or modem. After looking into it, here’s what seems to be happening: With DoH/DoT enabled, the router first tries to resolve the hostname of the secure DNS server. It attempts to do this through the PPPoE interface, but at that point the PPPoE session hasn’t been fully established yet. (Because when I add a normal DNS address, it connects after a while.) This premature attempt causes the router to trigger a PPPoE authentication error, even though the username and password are correct. With normal DNS, there’s no need for an early hostname lookup, so the PPPoE session comes up cleanly and only afterwards DNS queries flow through meaning no errors appear. Problem isn’t wrong credentials, but rather Keenetic’s DoH/DoT “bootstrap” mechanism trying to use the PPPoE link before authentication has completed.

Hi Manuel, Please share your infrastructure and configuration to help you access SMB from the Internet. However, I'd like to express my disappointment at accessing your LAN resources without a VPN... especially with a protocol like SMB. This is a real shame. Also, if you want a firewall in AP mode, access from the WAN port, and the ability to use IP instead of KeenDNS, why did you choose Keenetic and not another brand? We focus on KeeneticOS, and, as you said, many people use our router, and we haven't received any such requests. There are many open-source alternatives that can achieve excellent results, such as PFsense, OPNsense, OpenWRT, etc.

Hi, this is a big big fail... I have my Keenetic router under a PFSENSE router with 3 wifi segments .... first point.. if i use AP mode, this mode don't have firewall... BAD!!! But if i choose to use Router mode under the real PFSENSE ROUTE... i cant access SMB from internet... even if i create a firewall rule... WTF? I only can access using FTP, SFTP, WEBDAV.. more or less...300% slower thant real SMB performance (About 350-390 MB/S with SSD). This is a very bad deal!!! I want to choose the behabiour of the router with the firewall rules!!!! if I what to login into my router by wan port from my lan, i must can do it... If i don't want to use Keenetic DDNS to acces from my WAN PORT (For example, local ip like 192.168.1.5) i must access without problems! Please fix this... a lot of people use Keenetic Routers in router mode inside a lan with a principal router and the wan IP it's a simple 192.168.1.8.... Please, Please, FIX THIS!!!! Synology for example don´t use a obliged DDNS to access wan... the firewall rules are the boss! Be like Synology in this area please! Ah!! Another think! Let me use my own SSL certificate... an IMPORT TOOL to use our certificates please!!! Best regards Manuel.

192.168.1.0/24, 192.168.80.0/24, 10.90.80.0/24. We use a subnet and not a single IP address. ok

Modem software does not support two remote addresses in one definition.. and the modem UI does not support entering 2 connections with same gateway.. I have downloaded the config and updated it with 2 connections with same gateway and now it is working..

Thank you for your attention.. I tried to change as you suggested but UI did not let me change it as /24..

try to enter all networks in the format xx.xx.xx.0 /24 for test case

Hello everyone, I’m testing a configuration with two Wi-Fi segments on my Keenetic Hero: Home (192.168.2.0/24) IoT (192.168.3.0/24) Goal: HomeKit devices connected to IoT should announce themselves via mDNS and be discoverable from Home. No reverse opening: Home should not announce itself to IoT, and devices in IoT should not initiate communication toward Home. Current setup: Relay multicast DNS enabled on both segments (Home and IoT). Firewall Home → IoT: ALLOW on “Any IP protocol”. Problem: Even with this configuration, devices in IoT are still not discovered from Home via dns-sd -B _hap._tcp. Questions: Does the IoT segment need an explicit firewall rule to allow UDP to 224.0.0.251:5353 for the relay to pick up and forward mDNS packets? Does Keenetic’s mDNS Relay act as a true proxy between segments, or is there additional configuration required? Is it possible to limit the relay to one-way (IoT → Home) to avoid reverse discovery? Any advice or insights from the community or Keenetic team would be greatly appreciated. Thanks in advance!

Release 5.0 Alpha 12: CdcEthernet: added support for SMD12 SMW12 modems [NDM-2979] HTTP: implemented Origin header enforcement for proxies [NDM-3988]: ip http proxy {name} force-origin {force-origin} MWS: fixed regression after implementing user tag “manager” (reported by @dimon27254) [NDM-3981] USB: added support for Fibocom FM101-GL modem [NDM-3970] USB: added support for Olax F90 modem [NDM-3983] Web: fixed End User License Agreement line spacing (reported by @dimon27254) [NWI-4344]

Hi again, So far I haven't figured out how to solve this issue. Does anyone know how to bypass this problem.. I kindly request your assistance on this case. Have a nice day

Having an RTMP server would be very useful. Could you please consider this? Keenetic becomes indispensable for live broadcasts. Matter support would be great, and for example, by connecting a Sonoff USB module to the Keenetic, you could manage all ZigBee, Wi-Fi, and Matter-enabled devices through the Keenetic.

Any updates?

Static route is not the way, as at least in my kn3711, it can only process ip addresses and not domains. However, i will look into that new FQDN routing option, thansk. Also i noticed entware, but i just wasnt sure if this was the way. Anyway thank you for helping me.

1) static route 2) since keenos 5.a Introduced a new routing option based on FQDN object-groups, enabling more precise and flexible control over traffic directed to specific domain names. [NDM-3946] dns-proxy route object-group {group} [{interface} | {gateway} [interface]] [auto] [reject] — set routing destination {interface} or {gateway} for domain names listed in the object-group {group}. 3) entware + xxxxx macvlan network for docker.... will have his own mac

So i have my own AmneziaVPN proxy server in netherlands and i successfully added my access policy using this tutorial. Its official amnezia tutorial. So it works really good, and my question is how can i make router use the following policy only when lan user accesses a website from like some kind of white list? Also i'd like to mention that i have synology NAS, so i'd like to route its traffic thru vpn when its downloading torrents, it has static ip setup.

Also, you need to configure some rule to enable NAT and private security-level of wireguard segment. https://help.keenetic.com/hc/en-us/articles/360010551419-Internet-access-through-a-WireGuard-VPN-tunnel

select Use for accesing the internet on 2 screen

Hi, I’m having trouble setting up and connecting to a WireGuard server on my Keenetic router. I have a static IP, and I’ve created the WireGuard server, opened the required port, and added the necessary firewall rules both for my ISP and my home network segment. The connection appears to establish successfully — I get a successful handshake, and both RX and TX counters increase — but I can’t access the internet from my phone. I’ve enabled the “Allow Internet Access” option in WireGuard, but there’s still no internet connectivity. All I see is the handshake and traffic counters increasing, with no actual internet access.

Hi, I've a Titan KN-1812 and if I follow this procedure: https://help.keenetic.com/hc/en-us/articles/7248035195548-Creating-a-DNS-profile-without-filtering I have an unfiltered DNS profile (so I can choose any DNS I want) and I've the default WAN DNS, but not an ipv6 address (basically I fail the ipv6test.com). Instead, if I specify any DNS in any profile, I receive an IPv6 address. Basically in the first case (ufiltered DNS Profile), if I test a client in this page: https://dnscheck.tools/ I get no IPv6 address for my client In the latter case, I got an IPv6 address. I have IPv6 DNS tough in both cases. Is this an issue? Or am I doing something wrong? My ISP provide me a full Native IPv6 /48 pool of address