All Activity

Any possibility to perform internet speed test (manual or scheduled) for each node?

Release 5.0 Beta 1 (preview): Ethernet: fixed bogus half-duplex link status for 2.5 Gbps [SYS-1438] IPsec: fixed "identity-local" reset during reconfiguration [NDM-4036] MWS: implemented the use of an Extender's built-in 4G modem as a WAN connection [NDM-4027] USB: fixed "invalid argument" error when polling SMART on SATA drives [NDM-4026] VRRP: imlpemented support for VRRP version 2 and 3; can be installed as a separate component [SYS-1443]: interface {name} vrrp group {group} ip {ip} — set virtual IP address for the group. interface {name} vrrp group {group} priority {priority} — set priority (integer in the range 0 to 255), the device with the numerically highest priority becomes the master in the group. interface {name} vrrp group {group} advertise {advertise} — set advertisement interval in seconds (integer in the range 1 to 255, the default is 1) interface {name} vrrp version {version} — set protocol version, supported values: default — use version 2 for IPv4 and version 3 for IPv6. v2 — strict compliance to VRRP version 2: zero VIPs are not allowed; IPv6 addresses not allowed; state MASTER can be configured if and only if priority is 255. v3 — compliance to VRRP version 3 for both IPv4 and IPv6. v3-compat — VRRP version 3 compatible with some manufacturers (e.g. Cisco and Juniper) who interpret RFC5798 5.2.8 as applying only to IPv6, since the pseudo-header in RFC2460 is specified only for IPv6, although most open source implementations include the pseudo-header for IPv4. This option enables the IPv4 pseudo-header, but excludes it from the checksum calculation for IPv4. show interface {name} vrrp — show VRRP status. Web: added IPv6 support on the Port Forwarding page [NWI-4213] Web: fixed issues with the WireGuard server configuration (reported by @dimon27254) [NWI-4372] Web: fixed issues with tooltips on the Wi-Fi system page (reported by @dimon27254) [NWI-4379] Web: fixed timestamp of the last WireGuard handshake (reported by @dimon27254) [NWI-4384]

Could not get it to work for devices included in policies. e.g.: Default policy - ISP connection; VPN policy - wireguard connection; NOVPN policy - ISP connection; Tests: 1. Device in Default policy, add dns route to youtube.com via VPN interface, traceroute device->youtube - OK (traffic goes through VPN) 2. Device in NOVPN policy, add dns route to youtube.com via VPN interface, traceroute device->youtube - FAIL (traffic goes through ISP) 3. Device in VPN policy, add dns route to youtube.com via ISP interface, traceroute device->youtube - FAIL (traffic goes through VPN) Is it possible to either respect the DNS routing (just like regular static routing does) for policies-using devices or allow policy-based routing to use object groups? PS: (KN-1012, 5.0 Beta 1)

On Keenetic devices, applying QoS at speeds like 1000 Mbps requires significant CPU resources. That’s why you may notice a reduction in overall internet speed when limits are set. In general, we don’t recommend enabling QoS for such high-speed packages. If you need prioritization, it’s more efficient to create limited rules for specific devices or applications instead.

I have 1000 Mbps download and 50 Mbps upload internet speeds. In my tests, I'm getting 930 Mbps download and 65 Mbps upload speeds. I'm having trouble trying to limit my line speed to 900 and 50 in the Keenetic IntelliQoS settings. As I mentioned, upload speeds are 50 Mbps, but download speeds are capped at 250 Mbps.

I have 2 wifi router(viva and speedster) . It connect as extenders to main router(mikritok). At now I want configure wifi controller. Viva will be the controller , speedster - extender. all keenetic routers connect to main router via Ethernet . How I can configure viva for use same network range that set on main router ? Eg all keenetics routers, and these client must use main router dhcp range

Добрый вечер, @NetTomsk Пересоздайте пожалуйста тему на русскоязычном форуме forum.keenetic.ru.

Здравствуйте, на старых роутерах Keenetic Extra II (ki_rb) наблюдаю самопроизвольные перезагрузки, прошивка стоит 4.3.6 dev. Перезагрузка может произойти в рандомное время, раз в сутки, либо 2 раза в сутки. В журнале никаких ошибок, свет не отключался, роутер подключен к бесперебойнику который работает 30 минут после отключения света, к нему же подключен ПК.

@eralde I also started experiencing this issue with version 5.0.B.0, but my case is a bit different. Normally, the disk would not wake up from sleep unless I browsed the files and folders inside it. Now, however, as soon as I open the interface and enter the username and password, the disk wakes up, which causes the interface to load slowly. I had opened a topic about this in the RU forum. Задержка загрузки интерфейса Keenetic из-за спящего диска 5.0.B.0 - Тестирование Dev-сборок - Keenetic Community

You were right... my fault... port forwading works... My port forwading from wan to segment 1 was wrong... Sorry for inconvenience. Thank for your help!

I have discoverd my mistake from your screenshot...

Same as your environment, the network 192.168.15.x is the Keenetic WAN, I attach Keenetic screenshot to show you my test config that show it. I have been a network engineer for 10 years, and the fact that you claim my solution is a nightmare shows that you probably don't understand it. That said, it seems that you're unwilling to accept the proposed or suggested solutions, so I will drop the matter. Good luck.

Your scenario it's a nightmare comparing to a simple cable connected to a switch. I mean, i can use vlans, i can bypass by multiples ways... i can use vlan in a specific ethernet port to include the principal segment in de general LAN, but the point is i can't access by wan.. In your video you loggin in with the same subnet at the router so you don't acces from outside...

Hi Manuel, Attached you will find the configuration of my test environment with a video showing how it works with SMB access from the WAN. You will also find two PDF files with your current scenario and my suggestion. As you can see, if you propagate the VLAN from Keenetic but terminate it directly on PFsense, you can manage all the necessary rules between all LAN segments from the PFSense rules. I don't know what you mean by “huge security flaw,” but it doesn't seem like that to me at all. NAT, on the other hand, could be a security issue because it doesn't allow you to manage rules in a granular way. Let me know if all is clear for you. Kindly regards Actual Scenario.pdf Suggested Scenario.pdf Video_SMB.mkv

This issue exists in keenetic OS v5 alpha 13

Release 5.0 Beta 0: DNS: added support for subnets in "object-group fqdn exclude" (reported by @Denis P) [NDM-4013] Kernel: fixed security issues: CVE-2024-36971 [SYS-1436] CVE-2024-41012 [SYS-1430] CVE-2024-50302 [SYS-1431] SSH: fixed public access via IPv6 [NDM-4010] Web: added DNS-based routes feature to the Static routes page [NWI-4186] Web: added iperf3 tool to the Diagnostics page [NWI-4371] Web: redesigned DNS Configuration page for the mobile screens (reported by @dimon27254) [NWI-4375] Web: restored the lte-firmware file in the list of system files [NWI-4367]

I found a solution. You need to connect to the main router via ssh and connect the candidate with the command: mws acquire <candidate MAC> eula-accept no-update The MAC address you need to specify is the one that the candidate gives over the wire, and not the one on the device's sticker

Eğer opkg kullaniyorsan dns override yap ve düz ve dot doh dns lerin opkg da olsun eğer router dns istemcisini kullaniyorsan önce bir tane normal dns ekle sonra dot veya doh ekle.

Şimdi ben piholeyi kullanıyorum ve modemde pi holenin dns serveri var normal olarak ve yanına başka dns serveri eklersem pi hole yine doh olmadığı için çalışır mı?

DoT veya DoH varken ve çalışıyoken düz dns çalışmaz ha DoH başarısız olursa o sefer normal devam eder tâ ki DoH düzelene kadar. Benim bildiğim yıllardır boyle.

Bi 6 ay öncesine kadar sorun yoktu. Tüm dnsleri silmiştim sadece doh vardı. Ayrıca doh yerine normal dnsyi kullanmaya da başlar diye düşünüyorum. Bi önemi kalmaz yani dohun.

Pppoe altında, dns yoksay seçili iken de düz dns'leri girili tut.

normal dns adresini silmemen gerekiyor. Low layer servisler onu kullaniyor. O olmayinca DoT veya DoH u tanimlayamiyor.

Description: Implement a feature for the Ethernet port configured for IPTV that calculates and displays an "IPTV Error Percentage" metric. The metric should be derived exclusively from packet errors associated with IPTV traffic and the total IPTV viewing duration, enabling users to accurately assess the quality of the IPTV stream in real time. Thanks...

Sorry, Manuel, but I tested the solution myself and it works fine. As described, there are other solutions, but these require a change in architecture, which I also find to be a better solution since it centralizes firewall rule management on the pfsense firewall and eliminates the (useless) NAT performed by the Keenetic router. This is not a solution because this way Keenetic see all general LAN devices, so is a huge security hole.