All Activity

Create new connection policy on keenetic router. Enable "use for to access internet" option in wireguard settings. (Keenetic) Add that wireguard connection in policy you just created. After that you can add any device in that policy. Your device should use your vps wireguard connection.

Hi all Need some help from community to configure sharing internet from 4g modem using proxy server on keenetic. Device model: Giga (KN-1011), KeeneticOS version: 4.3.6.2 Three internet channels are connected to it (connection priorities, default policy, are in this order): 1) LAN-1 2) LAN-2 3) 4G modem Huawei E3372h-320 modem connected via USB KeenDNS is connected and configured External clients need to be able to connect to the router via a proxy and have access to internet via the 4G modem, while the connection priority for users within the network is in the order specified above. I installed and configured the 3proxy proxy server on my router. I can connect to the proxy from the outside via KeenDNS. user.keenetic.link:40097 I configured port forwarding from 40097 to 45697 45697 is the port the proxy is running on. The problem is that when connecting through this proxy, the external client receives an IP from the LAN-1 connection, but the "4G modem" connection should be used. The default connection policy should be left as is: LAN-1 is the primary connection, LAN-2, and the 4G modem are the backup connections. How can I properly configure routing so that external clients can access the internet via the 4G modem when connecting through the proxy? Thanks in advance for any tips and ideas.

Hello. I have ipv6 vpn service. But I can't reach internet after vpn connection. The vpn server use encapsulated method on server side. First it connect ipv4 server after that it create a ipv6 tunnel on ipv4 connection. But keenetic doesn't create ipv6 tunnel after succesfully connected ipv4 connection. In addition I can connect and succesfully get ipv6 ip adress with official android openvpn software. Thats why I am ask your help. I am sure vpn server have not any problem. Probably I can say that the problem source is KeeneticOs or openvpn package. Currently my KeeneticOs version is 4.3.6.1 Here you can get information encapsulated ipv6 feature of openvpn. https://openvpn.net/as-docs/ipv6-support.html#access-server-and-ipv6-support I searched google a lot. I tried many ways still I doesn't reach any solution. I can provide my ovpn file if you need to test or any other log file etc.

Release 5.0 Beta 3 (preview): CIFS: fixed copying files using named streams (reported by @dimon27254) [SYS-1450] DNS: added support for IP subnets in "object-group fqdn include" [NDM-4078] DNS: fixed forwarding of servfail.invalid requests to external servers [NDM-4069] DNS: fixed overload of "Dns::Route::ResolveQueue" [NDM-4086] DNS: reduced the resolving intensity of unused “object-group fqdn” names (reported by @dimon27254) [NDM-4082] IPsec: fixed transition of L2TP traffic when L2TP/IPsec server is running [NDM-4068] IPv4: fixed disabling of individual static routes (reported by @dimon27254) [NDM-4076] IPv6: enabled external access to backup WAN interfaces (reported by @qmxocynjca) [NDM-4067] VPN: implemented DNS server overriding for clients of built-in VPN servers [NDM-4032]: crypto map virtual-ip dns-servers {dns1} [dns2] crypto map l2tp-server dns-servers {dns1} [dns2] sstp-server dns-servers {dns1} [dns2] vpn-server dns-servers {dns1} [dns2] oc-server dns-servers {dns1} [dns2] Web: fixed blocking of Wi-Fi toggles in MWS extenders (reported by @dimon27254) [NWI-4450] Web: fixed display of application blocking status (reported by @FLK) [NDM-4051] Web: fixed display of drop-down lists on mobile screens (reported by @dimon27254) [NWI-4448] Web: fixed display of TunnelSixInFour interfaces when editing static rules (reported by @Denis P) [NWI-4456] Web: fixed display of WireGuard server statistics (reported by @Denis P) [NWI-4425] Web: fixed help sign jumping on mobile screens (reported by @dimon27254) [NWI-4447] Wi-Fi: fixed potential system crash when using OWE authentication [SYS-1461]

-Translate: Hello, I'd like to report an issue with the DNS-based route addition page. I configured my Warp Wireguard connection as shown in the image. Both initially worked without issue, but after turning the setting off and on, adding new domains, or deleting and re-adding them completely, the "domain" redirection in the route list became corrupted. Even deleting profile and re-adding them didn't work properly. The IP side appears to be working fine. Do you experience this issue as well? I'd appreciate it if you could try it and report back. 5.00.B.3.0-2 - 1811

Leg4te You're the man! God bless you for your brilliant way to acquire an extender. It did work!

@TarkanTevetoglu so far we don't see any obvious issues with your configuration. Could you try the following to see if it resolves the issue: download the startup-config file from your device (to roll back to it if necessary) delete all Firewall/Port forwarding rules that you created check if you can access your router via KeenDNS after you've deleted the rules ? If this does not help, you can upload the startup-config to restore all the rules you have now.

I can understand your frustration, but this forum is not technical support. I will forward your self-test data to people who will be able to look into this issue during working hours next week. In the meantime you can contact technical support here: https://support.keenetic.com/eu/?lang=en https://support.keenetic.com/tr/?lang=en

I will think twice before buying a keenetic network product again. Technical service is very fast.

Please check out this KB article: https://help.keenetic.com/hc/en-us/articles/360021214160-Installing-the-Entware-repository-package-system-on-a-USB-drive You don't need an SSH connection to actually install the Entware. You should be able to connect to the Entware shell via SSH once it is installed on your new drive.

@TakaiSaisei please attach the self-test file from your device in a hidden message to this thread. You can check out this KB article to see how to download the self-test file.

I tried everything but couldn't get rid of it

I installed entware package to install qbittorrernt. It works but i tried it from USB drive which is 8 gb. So i wanted to use a HDD 1 TB for it i make partitions linux swam, ext4 and exfat for it. And i wanted to fresh install to hdd but if i disconnect the usb i cannot ssh to router so i cannot install Entware to HDD. i can use telnet but this work for nothing so you cannot install entware to a new hdd Could anyone have an idea to solve this?

wireguard pre-shared key is not hided in corresponding WireGuard properties pop-up window. also it is 'open' in "startup-config" file (downloaded via "General System Settings"). it expected to be encrypted in "startup-config" file how it is done with L2TP pre-shared key. how i can make router to 'hide' it?

Release 5.0 Beta 2 (preview): CIFS: fixed excessive restarts when running a Wireguard server (reported by @dimon27254) [NDM-4059] DNS: fixed a busy loop when processing malformed responses (reported by @vitalik6243) [NDM-4034] DNS: fixed the operation of exclusive routes (reported by @keenet07) [NDM-4046] IPv6: fixed access to services running on interfaces with “private” security level (reported by @KirillR) [NDM-4061] OpenConnect: enabled support for Basic authentication [NDM-4037]: interface {name} openconnect allow-basic-auth SFP: fixed hardware reset of embedded switch on KN-1012 when using an external xPON SFP module [SYS-1455] Web: added IPv6 settings to Segments [NWI-4373] Web: allowed USSD requests starting with # [NWI-4401] Web: fixed display of segment access points after deletion (reported by @Sh1kuren) [NWI-4407] Web: fixed DNS profile editing when the "dns-filter" component is not installed (reported by @dimon27254) [NWI-4396] Web: fixed interface display when editing DNS-based routes (reported by @ftn453) [NWI-4405] Web: fixed KeenDNS configuration (reported by @ftn453) [NWI-4427] Web: fixed printing of Wi-Fi information with a custom logo (reported by @dimon27254) [NWI-4387] Web: fixed sorting of tables by ports and profiles (reported by @Серов Николай) [NWI-4386] Web: fixed static routing configuration issues (reported by @Denis P) [NWI-4428] Web: fixed validation of iperf3 parameters (reported by @dimon27254) [NWI-4402] Web: implemented the new Internet card on the dashboard [NWI-4377] Web: improved the naming of WireGuard configuration files (reported by @dimon27254) [NWI-4424] Wi-Fi: fixed blocking of legacy b/g clients when n/ax compatibility mode is configured [SYS-1446] Wireguard: fixed display of remote peers' IP addresses and ports (reported by @Denis P) [NDM-4064]

I can see IP destination in management - diagnostic - active connections, but I need to see them resolved, not raw IP

I started to have issues with several clients downloading content from an amazon application. I suspect traffic may be blocked by my internet provider, How can i see which addresses are hit by the client (preferably without starting sniffer), so will redirect them Thanks

IPv6 on Keenetic could be so much better if: - Firewall GUI for IPv6 can be added with the same options that IPv4 has - Wireguard could support public /64 (and lower) subnets derivatives from /56 or /48 prefixes - Client could have static IPv6 directly from the router (and the router on the "Client List" could show the actual IPv6 address of the device) - KeenDNS could use IPv6 direct access on public networks I think it could make Keenetic products more ready for a IPv6-first world

Hi, I’m in the same situation with separate Home and IoT segments. Multicast relay is enabled, firewall rules are in place, but discovery from Home still doesn’t work. Did you manage to get it working on your side?

Release 4.3.6.1 (preview): DNS: fixed a busy loop when processing malformed responses (reported by @vitalik6243) [NDM-4034]

Any possibility to perform internet speed test (manual or scheduled) for each node?

Release 5.0 Beta 1 (preview): Ethernet: fixed bogus half-duplex link status for 2.5 Gbps [SYS-1438] IPsec: fixed "identity-local" reset during reconfiguration [NDM-4036] MWS: implemented the use of an Extender's built-in 4G modem as a WAN connection [NDM-4027] USB: fixed "invalid argument" error when polling SMART on SATA drives [NDM-4026] VRRP: imlpemented support for VRRP version 2 and 3; can be installed as a separate component [SYS-1443]: interface {name} vrrp group {group} ip {ip} — set virtual IP address for the group. interface {name} vrrp group {group} priority {priority} — set priority (integer in the range 0 to 255), the device with the numerically highest priority becomes the master in the group. interface {name} vrrp group {group} advertise {advertise} — set advertisement interval in seconds (integer in the range 1 to 255, the default is 1) interface {name} vrrp version {version} — set protocol version, supported values: default — use version 2 for IPv4 and version 3 for IPv6. v2 — strict compliance to VRRP version 2: zero VIPs are not allowed; IPv6 addresses not allowed; state MASTER can be configured if and only if priority is 255. v3 — compliance to VRRP version 3 for both IPv4 and IPv6. v3-compat — VRRP version 3 compatible with some manufacturers (e.g. Cisco and Juniper) who interpret RFC5798 5.2.8 as applying only to IPv6, since the pseudo-header in RFC2460 is specified only for IPv6, although most open source implementations include the pseudo-header for IPv4. This option enables the IPv4 pseudo-header, but excludes it from the checksum calculation for IPv4. show interface {name} vrrp — show VRRP status. Web: added IPv6 support on the Port Forwarding page [NWI-4213] Web: fixed issues with the WireGuard server configuration (reported by @dimon27254) [NWI-4372] Web: fixed issues with tooltips on the Wi-Fi system page (reported by @dimon27254) [NWI-4379] Web: fixed timestamp of the last WireGuard handshake (reported by @dimon27254) [NWI-4384]

Could not get it to work for devices included in policies. e.g.: Default policy - ISP connection; VPN policy - wireguard connection; NOVPN policy - ISP connection; Tests: 1. Device in Default policy, add dns route to youtube.com via VPN interface, traceroute device->youtube - OK (traffic goes through VPN) 2. Device in NOVPN policy, add dns route to youtube.com via VPN interface, traceroute device->youtube - FAIL (traffic goes through ISP) 3. Device in VPN policy, add dns route to youtube.com via ISP interface, traceroute device->youtube - FAIL (traffic goes through VPN) Is it possible to either respect the DNS routing (just like regular static routing does) for policies-using devices or allow policy-based routing to use object groups? PS: (KN-1012, 5.0 Beta 1)

On Keenetic devices, applying QoS at speeds like 1000 Mbps requires significant CPU resources. That’s why you may notice a reduction in overall internet speed when limits are set. In general, we don’t recommend enabling QoS for such high-speed packages. If you need prioritization, it’s more efficient to create limited rules for specific devices or applications instead.

I have 1000 Mbps download and 50 Mbps upload internet speeds. In my tests, I'm getting 930 Mbps download and 65 Mbps upload speeds. I'm having trouble trying to limit my line speed to 900 and 50 in the Keenetic IntelliQoS settings. As I mentioned, upload speeds are 50 Mbps, but download speeds are capped at 250 Mbps.