All Activity

Release 5.1 Beta 0.1 HTTP: addressed the CVE-2026-28753 security vulnerability in the web interface service [NDM-4368] MWS: added support for eSIM, SMS, and USSD operations on embedded 5G/4G modems for Wi-Fi System extenders [NWI-4738] NTCE: turned off the display of application traffic statistics by default for models with RAM sizes less than 256 MB [NDM-4367] Web: enhanced the Client Lists page to display information on the client device's currently used connection policy, traffic sent and received, and IPv6 addresses [NWI-4707] Web: added sorting by name and traffic transmitted to the WireGuard connections list (requested by @Алексей Микин) [NWI-4732] Web: implemented the primary SIM fallback control support for models with embedded dual-SIM modem [NWI-4755] Web: added a dedicated wireless networks configuration page [NWI-4675] Wi-Fi: updated protection from attacks on client isolation feature, such as AirSnitch [SYS-1725]

Hello, I found a reproducible issue on Keenetic Giga KN-1012. Issue support request #654031 Environment: - Model: Keenetic Giga KN-1012 - KeeneticOS: 5.0.8 - OpenVPN server subnet: 10.84.0.0/24 - WAN interface: GigabitEthernet0/Vlan4 - Home subnet 192.168.1.0/24 - Web UI tested via: - http://10.84.0.1 - http://192.168.1.1 - http://my.keenetic.net - SSH access works in all scenarios from Home and OpenVPN1 segments Current routing/NAT logic: - WAN NAT is enabled on GigabitEthernet0/Vlan4 - OpenVPN clients are in 10.84.0.0/24 Problem: It looks like OpenVPN clients need the following directive in order to reach external resources through GigabitEthernet0/Vlan4: ip static 10.84.0.0 255.255.255.0 GigabitEthernet0/Vlan4 However, when this directive is present, local Web UI access starts failing with HTTP 403 Forbidden. Reproducible behavior: Case A — without: no ip static 10.84.0.0 255.255.255.0 GigabitEthernet0/Vlan4 Observed results: 1. 10.84.0.1 is accessible from OpenVPN client 10.84.0.2 2. my.keenetic.net is accessible from OpenVPN client 10.84.0.2 3. 10.84.0.1 is accessible from Home client 192.168.1.124 4. OpenVPN client 10.84.0.2 cannot access external resources that should go through GigabitEthernet0/Vlan4 Case B — with: ip static 10.84.0.0 255.255.255.0 GigabitEthernet0/Vlan4 Observed results: 1. 10.84.0.1 is NOT accessible from OpenVPN client 10.84.0.2 2. Web UI returns HTTP 403 Forbidden 3. my.keenetic.net is still accessible from OpenVPN client 10.84.0.2 4. OpenVPN client 10.84.0.2 CAN access external resources through GigabitEthernet0/Vlan4 5. 10.84.0.1 is also NOT accessible from Home client 192.168.1.124 Important note: - SSH access to Keenetic remains available on all interface addresses in both cases. - The issue affects Web UI access only. - A similar effect was previously observed with: ip static 192.168.1.0 255.255.255.0 GigabitEthernet0/Vlan4 In that case, replacing it with normal NAT for the Home segment restored HTTP access to 192.168.1.1. Expected behavior: - OpenVPN clients should be able to access external resources via WAN NAT - Local Web UI access via 10.84.0.1 and 192.168.1.1 should continue working - Enabling outbound NAT/routing for the OpenVPN subnet should not cause HTTP 403 on local management addresses Actual behavior: - The static directive for 10.84.0.0/24 appears to be required for outbound WAN access - But when enabled, it causes Web UI access to local management IPs to fail with HTTP 403 Could you please confirm whether this is expected behavior, a NAT/static routing side effect, or a Web UI management-plane bug? If needed, I can provide: - full running-config - exact test sequence - screenshots - self-test.txt Thank you.

Hello everyone. A good option has appeared in routers - DNS-based routes. But, many previous versions of routers are used, which are still quite good (kn-3010, 1711, 1311, 1111) and replacing them all at once is problematic. Will this option be implemented in firmware version 4.x.x?

In KeeneticOS v4.3.6.2, all files and directories on external removable devices whose names begin with a dot (e.g., .git, .gitignore) are treated as system files and are therefore hidden. These files and directories become system files specifically when accessed via KeeneticOS. It doesn’t matter how these items ended up on the external removable device, because I uploaded some files and directories via the router running KeeneticOS, while others I copied directly by connecting the removable device to my computer. All of them became system files. Once they become system files, they are treated as such even when the external removable device is connected directly to the computer. I performed all these operations on devices running the following file systems: Ext4, exFAT, and FAT32. In every case, these files and directories became hidden. The data transfer protocol did not affect this either, as I tested it using both SMB and SFTP. The result remained the same. In Windows 11, when using the SMB protocol, I was only able to make files and directories visible after enabling the «Show hidden files, folders, and drives» option in File Explorer and disabling «Hide protected operating system files (Recommended)». In Android 14, when using Cx File Explorer and the SFTP protocol, these files and directories are not displayed at all. If you look at the number of items in the parent directory containing such hidden elements, all files and directories are present and are copied correctly when copying the parent directory in which they are located, but there is no way to interact with them. You can find a file manager that can handle system hidden items, but the problem here is that user files and directories that shouldn’t be system files become system files. At first, I thought that KeeneticOS simply wouldn't return them when requested and would say they were missing, but that's not the case. All the files and directories don't disappear but become system files, which makes it impossible to work with them normally.

Добрый день, @Гамлет Неркарарян Русскоязычный форум находится по адресу https://forum.keenetic.ru/ Пересоздайте пожалуйста тему там.

На фото интерфейс маршрутизатора Keenetic Giga, работающий под управлением операционной системы (KeeneticOS 5.1 Alpha 7). В данной версии появилась новая вкладка «Wi-Fi», которая была добавлена в раздел «Настройки системы». Стоит отметить, что эти настройки отличаются от реальных параметров, доступных в разделе «Мои сети и Wi-Fi».

Hi everyone, I recently purchased the Hopper 4g+ and the Hero 5g. I would like to have the Telegram bot too, but I'm having trouble setting it up. Can you help me? Thank you!

Release 5.1 Alpha 7 AFP: removed support for the obsolete Apple Filing Protocol® (AFP) in favour of SMB file sharing [NDM-4352] DNS: enhanced the retrieval of cached name resolution responses to ensure proper functionality of FQDN-based routes (reported by @dimon27254) [NDM-4305] DynDNS: fixed the 'domain must be filled for custom type' error preventing operation with custom servers (reported by @snark) [NDM-4341] VLAN: fixed the 802.1q egress priority setting for packets with non-zero DSCP mark [NDM-4342] Web: added an option to turn off the WireGuard peer in the 'Connect via' selector [NWI-4756] Web: fixed the Dashboard link to the Active Connections tab in Diagnostics [NWI-4743] Web: fixed the charts display on the Traffic Monitor page [NWI-4758] Web: fixed the order of traffic download and upload values on the Internet card [NWI-4746] Web: fixed the reorder operation for connections on the Connection Policies page (reported by @spatiumstas) [NWI-4740] Web: fixed scrolling on the Application Traffic Analyser page [NWI-4726] Web: fixed the SFP port information display on the Dashboard page (reported by @Ваджио) [NWI-4749] Web: fixed the partition size display on the Applications page (reported by @spatiumstas) [NWI-4495] Web: removed the toggle's own status display (reported by @KeyYerS) [NWI-4742]

Release 5.0.8 (preview): Web: fixed the management port number setting [NWI-4747] Web: improved the port forwarding rule management buttons for the mobile view of the registered client settings (reported by @dimon27254) [NWI-4672] Web: corrected the sorting of clients by IP address in the client lists (reported by @dimon27254) [NWI-4677] Web: corrected the free SMS memory display for certain modem models [NWI-4692] Web: fixed the cog icon hover on the dashboard in dark theme (reported by @spatiumstas) [NWI-4712] Web: fixed the automatic update of the active connections display (reported by @mega1volt) [NWI-4713] Web: corrected the language set reset upon manual update [NWI-4703] Web: fixed the tooltip display at the right edge of the Wi-Fi Monitor graph for wider screens (reported by @keenet07) [NWI-4717] Web: fixed excessive polling of the Captive Portal service (reported by @spatiumstas) [NWI-4368] WSD: confined Hello messages by the Bridge0 interface by default [NDM-4314] Wi-Fi: fixed the handler for turning wireless on and off on devices with a single hardware button [NDM-4326] WSD: modified the Hello message format to resolve the reboot issue for certain IP cameras (reported by @dimon27254) [NDM-4331] IPsec: fixed the blocking of the inter-process communication socket [NDM-4332] IP: corrected the flushing of sessions that utilize the FQDN-based route [NDM-4336]

Hi Ceyhun, in port forwarding is possible to select also unregistered clients. In this way you can select IP address directly, without needs to register all the clients. Attached an example. Regards

When I enable speed limiting in the IntelliQoS section, even the slightest restriction causes 1% packet loss in the Xbox series s network test. However, when I don’t apply any limit, packet loss shows as 0%, but this time the jitter increases. Is there a solution to this? If Xbox is set to first priority, as soon as I enter any value in the speed limit section, the Xbox measures 1% packet loss.

Hi, I have a Keenetic Hero 4G+ (KN-2311, EU) running KeeneticOS 4.3.6.3. On the System Dashboard, I can see: an IPv6 address on the WAN interface a delegated IPv6 prefix (/56) However, in My networks → Home segment, there are: no IPv6 settings (no "Enable IPv6" option) no IPv6 connectivity on LAN devices Topology: Hero 4G+ is the main router Connected via Ethernet to ISP optical converter PPPoE connection configured (IPv4 + IPv6 both set to "Automatic") VLAN ID 42 configured on Internet interface in "Ports and VLANs" Mesh enabled with Hopper (KN-3810), Hero is the controller Questions: How do I enable IPv6 on the Home segment? Should IPv6 settings appear automatically when a delegated prefix (/56) is received? Could mesh mode or segment configuration prevent IPv6 options from appearing? It seems like IPv6 is working on WAN, but not being distributed to LAN, and the UI does not expose any IPv6-related settings for the Home segment. Any guidance would be appreciated. Thanks!

Добрый день, @ScaniRРусскоязычный форум находится по адресу https://forum.keenetic.ru/ Пересоздайте пожалуйста тему там.

Здравствуйте, проблема в следующем, при подключении кабеля от провайдера в 1 порт (синий) скорость не поднимается выше 100 МБит, хотя провайдер предоставляет 300 Мбит. При подключении в другой порт, со скоростью все нормально

14/03/2026 Temporary Disabling of Telegram Notifications for Node and Site Status Change Notifications in Telegram about sites and nodes changing to Online, Warning, and Offline statuses are temporarily disabled. They will be restored once the problem is resolved. We apologize for any inconvenience caused.

Release 5.1 Alpha 6 App: fixed SSL connections to the mobile application's backend (reported by @AJ_) [SYS-1680] IP: corrected the flushing of sessions that utilize the FQDN-based route [NDM-4336] IPsec: fixed the blocking of the inter-process communication socket [NDM-4332] MWS: fixed the extender's acquisition, system update, and access to its web UI from the controller [NDM-4339] Web: fixed the management port number setting [NWI-4747] Web: fixed the cog icon hover on the dashboard in dark theme (reported by @spatiumstas) [NWI-4712] Web: fixed the navigation to applications from the Dashboard (reported by @r3L4x) [NWI-4474] Web: fixed excessive polling of the Captive Portal service (reported by @spatiumstas) [NWI-4368] Wi-Fi: fixed the handler for turning wireless on and off on devices with a single hardware button [NDM-4326] WSD: modified the Hello message format to resolve the reboot issue for certain IP cameras (reported by @dimon27254) [NDM-4331]

Hello, In Keenetic modem configuration, port forwarding requires selecting a Registered client, which is based on MAC address. When using a Keenetic Buddy Wi‑Fi extender, all devices behind its ethernet port appear with the same MAC address, so my virtual machines cannot be registered individually. I would like to: Register clients by IP address instead of MAC. Configure port forwarding rules directly to an IP address, not tied to a registered MAC client. Is this possible in Keenetic firmware, or is there any workaround for VM environments behind a Buddy extender where MAC addresses are duplicated? Thanks.

issue was solved, thanks Andrew from support team: Please enter the following CLI commands on your Titan: https://support.keenetic.com/titan/kn-1812/en/18480-command-line-interface--cli-.html interface GigabitEthernet1/0 no flowcontrol system configuration save After that, please restart your Keenetic and check the situation again.

12/03/2026 Telegram Notifications Restored The technical issue has been resolved. Telegram notifications for the “Node Reboot” event have been re-enabled and are now operating normally. Thank you for your understanding.

I had another tab of the browser opened on Sprint, there I could find the acquire button, I pressed it and it worked, now the extender is connected. This is amazing.. So I solved the problem, bu please write me again the command to send if I need it in future, thanks

Hi, thanks for support, the previous topic doesn't exist more, so I should create e new one, sorry for this. I've done by your instructions, the result log is { "prompt": "(config)", "status": [ { "status": "message", "code": "8781924", "ident": "Core::Legal", "message": "\"dpn\": accepted version 20230223." } ] } then I pressed acquire buttom the button disappeared, so I reset to factory settings the Air, wait air comes up, but no more acquire button. So I reboot the Sprinter, again no button, I want to type again the command but can't find it more, can you please write it me here? Thank you

Wi-Fi → WAN upload collapses to 30-50 Mbps without IntelliQoS (KN-1812, KeeneticOS 5.0.7) ENVIRONMENT Router: Keenetic Titan KN-1812, KeeneticOS 5.00.C.7.0-0 ISP: Magyar Telekom, fiber GPON, 1 Gbps symmetric Topology: MBP (Wi-Fi 6) → Keenetic → Magenta Box (Technicolor FGA2235, DMZ mode) → ISP Wi-Fi client: MacBook Pro M1 Max (BCM4387), 5 GHz, 2SS/80MHz, 802.11ax MBP is the only client on 5 GHz band IntelliQoS config when enabled: CAKE, input 890 Mbps, output 500 Mbps PROBLEM When IntelliQoS is disabled (no qos), Wi-Fi upload through WAN drops to 30-50 Mbps. With IntelliQoS enabled (CAKE, output 500 Mbps), upload is stable at ~480 Mbps. I would expect that removing the 500 Mbps shaper would increase or maintain upload speed, not collapse it by 10x. DIAGNOSTIC RESULTS Upload throughput (same iperf3 server, same time of day): Pi-hole, Ethernet → Keenetic → WAN, QoS OFF: 846 Mbps MBP, Wi-Fi 5GHz → Keenetic → WAN, QoS OFF: 23-51 Mbps MBP, Wi-Fi 5GHz → Keenetic → WAN, QoS ON (500): 480 Mbps MBP, Wi-Fi 5GHz → Keenetic → LAN (iperf3), QoS OFF: 595 Mbps MBP, Wi-Fi 5GHz → Magenta Box Wi-Fi → WAN, QoS OFF: 610 Mbps Desktop, Ethernet → Keenetic → WAN, QoS OFF: 450-640 Mbps Desktop, Ethernet → Magenta Box directly, QoS OFF: 980 Mbps Key observations: 1. Wi-Fi LAN throughput = 595 Mbps (iperf3) — Wi-Fi radio works fine 2. Ethernet upload through same WAN path = 846 Mbps — WAN path works fine 3. MBP on Magenta Box Wi-Fi directly = 610 Mbps — MBP Wi-Fi chip works fine 4. PHY rate during test: TX 1201, RX 960-1080 Mbps, RSSI -67...-69 — stable 5. WAN interface stats: 0 txdropped, 0 txerrors 6. Problem is specific to Wi-Fi → WAN forwarding without CAKE What I tested (none helped): - Disabled hardware PPE (no ppe hardware) — upload still 44 Mbps - Disabled TSO on MBP (sysctl net.inet.tcp.tso=0) — upload still 45 Mbps QUESTION Is this expected behavior? It appears that the default queueing on the WAN egress path cannot handle Wi-Fi-originated traffic properly. CAKE fixes it, but requires an artificial bandwidth limit (500 Mbps) which caps upload below ISP capacity (980 Mbps). Is there a way to enable CAKE/fq_codel without bandwidth limiting? Or another setting to fix Wi-Fi → WAN forwarding without IntelliQoS?

On my router with KeeneticOS 5 btrfs modules are available, but are not loaded by default, and can't be through the WebUI. With OPKG enabled, you can ssh into the router and load the modules using opkg install kmod insmod /lib/modules/$(uname -r)/xor.ko insmod /lib/modules/$(uname -r)/raid6_pq.ko insmod /lib/modules/$(uname -r)/btrfs.ko The rest you can figure out by yourself, imma use it for NFS. I wish I knew about this before I compiled the module myself...

Release 4.3.7 LTS* (preview): CIFS: fixed compatibility with macOS TimeMachine® [NDM-4112] Core: restricted access to sensitive data for users with 'readonly' privileges [NDM-4169] DNS: fixed possible system restart triggered by 'DNS FQDN event sink' threads [NDM-4162] HTTP: eliminated CVE-2026-1642 security vulnerability in the HTTP proxy service [NDM-4267] IP: fixed operation of static routes added after the default route [NDM-4209] IPsec: fixed convey of IKEv1/IPsec VPN and IKEv2/IPsec VPN servers custom routes to clients (reported by @lexm434) [NDM-3954] IPv6: fixed the IPv4 default route setup for DS-Lite over PPPoE connections [NDM-4109] Monitor: changed the packet dump file extension from .pcapng to .pcap [NDM-4091] MWS: fixed the wireless 2.4 GHz backhaul operation for MT7603 and MT7628-based devices [SYS-1513] SSDP: fixed possible system restart under certain conditions [NDM-4224] Web: fixed the mobile connection settings save after changing the TTL value [NWI-4322] Web: fixed the display of the drop-down list on the Internet Safety page (reported by @kroleg) [NWI-4306] Web: removed the option to delete main home network segment (reported by @dimon27254) [NWI-4340] Web: restored the 'lte-firmware' file missing in the list of system files under certain conditions [NWI-4367] Wi-Fi: fixed the ACL filtering for Wi-Fi 7 clients with MLO enabled [SYS-1507] Wi-Fi: fixed the iPhone® 17 connection issues with Wi-Fi 7 MLO and Fast Transition enabled [SYS-1497] Wi-Fi: eliminated security vulnerabilities [SYS-1542] CVE-2014-3570 CVE-2022-4304 Wi-Fi: fixed the KN-1812 enter continuous restart after adding a local network while the radio is turned off via hardware [SYS-1481] Wi-Fi: fixed the MWS zoning for Wi-Fi 7 clients that use MLO [SYS-1505] Wi-Fi: fixed possible system crash when using OWE authentication [SYS-1461] ZeroTier: fixed the system restart when using the fail-safe mode [NDM-4187] * publication scope: KN-1111, KN-1211, KN-1212, KN-1311, KN-1511, KN-1611, KN-1711, KN-2210, KN-3010

Are static routes registered? Are the allowed IPs correctly specified in the tunnel configuration? Is the firewall enabled for WG? Updated to 5.0.7?