All Activity

Additionally, here is the log from ku_rd on successful connection of the scale: [I] Apr 25 00:46:52 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster0/AccessPoint1": STA(d0:49:00:2f:c1:91) had associated. [I] Apr 25 00:46:52 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster0/AccessPoint1": STA(d0:49:00:2f:c1:91) set key done in WPA2/WPA2PSK.

Hello, I'm facing a strange issue with my Keenetic router and I hope someone can help or has experienced something similar. I'm trying to share my phone's VPN connection with my Keenetic router via USB tethering. Since direct VPN sharing over USB isn't possible, I'm using the Easy Proxy app on my phone to create a SOCKS5 proxy. My goal is to configure this SOCKS5 proxy on the Keenetic router so that all connected devices can use the VPN through the proxy. Here’s the problem: When I enter any proxy address (even an invalid one like 1.2.3.4:9999), Keenetic always shows "Connected (IP address 172.20.12.1)" in the proxy settings. Even though it says "Connected", I know for sure that the connection isn't actually established, especially when using invalid addresses. When I try to connect to the SOCKS5 proxy generated by Easy Proxy (while USB tethering is active), Keenetic keeps showing "Connection failed" in practice, but still displays "Connected" in the status. I suspect that 172.20.12.1 is some kind of internal routing address used by Keenetic, but I’m not sure why it always shows as connected without validating the proxy server. My setup: Phone with USB tethering enabled and VPN active, Easy Proxy app running SOCKS5 server, Keenetic router (latest firmware). I’m trying to configure Keenetic to route traffic through the SOCKS5 proxy. What I've tried: Tested with both valid and invalid proxy addresses — always shows "Connected". Checked IP on client devices — no traffic seems to go through the proxy. Updated Keenetic firmware to the latest version. Reviewed system logs but couldn't find clear error messages regarding proxy failures. Has anyone experienced this issue where Keenetic's proxy settings always display "Connected" regardless of the actual connection status? Is there a proper way to route VPN traffic from a phone to Keenetic via SOCKS5 over USB tethering? Is there any way to force Keenetic to validate the proxy connection instead of just marking it as connected? Could this be a firmware-related bug or limitation? Any advice, workaround, or insight would be greatly appreciated! Thanks in advance.

I would be glad, if you could add controld DNS to the Internet security section. Thanks :0)

In this text, I meant that: Network: IP address: 192.168.1.1 Subnet mask: 255.255.255.0 (/24) I divided it into three parts according to the created segments: a) Segment "Home network" (segments/Bridge0): IP address: 192.168.1.1 Subnet mask: 255.255.255.224 (/27) b) Segment "Guest network" (segments/Bridge1): IP address: 192.168.1.32 Subnet mask: 255.255.255.224 (/27) c) Segment "WorkStation network" (segments/Bridge3): IP address: 192.168.1.96 Subnet mask: 255.255.255.224 (/27) Yes, saved successfully. Got it. I'll send it in the next post.

Hello @maemelyanov Could you elaborate on this part: ? Was the segments configuration you described saved successfully (i.e. if you reload the web UI, do you see it configured there)? Also, it would be great if you could attach a self-test file from your device to this thread and hide the post with it (moderators will still be able to see it).

Colleagues, hello everyone! I ask for your help, because I did not find the answer to my problem! I will be very glad if you tell me the solution to my problem! Model: Keenetic Ultra (KN-1810) System Update: OS version: 4.2.6.3 What I want to do and what I did. What I want to do: - by DHCP, for each segment, assign a pool of IP addresses, in one network. - and for the Internet to work in each segment. What I did: a) segment "Home network", (segments/Bridge0): IP Settings Specify the IP parameters for "NW Home": IP address: 192.168.1.1 Subnet mask: 255.255.255.224 (/27) - DHCP settings: Starting IP of the pool: 192.168.1.3 Address pool size: 28 - Gateway IP: did not specify - Use NAT: enable b) segment "Guest network", (segments/Bridge1): IP Settings Specify the IP parameters for "NW Guest": IP address: 192.168.1.32 Subnet mask: 255.255.255.224 (/27) - DHCP settings: Starting IP of the pool: 192.168.1.33 Address pool size: 30 - Gateway IP: did not specify - Use NAT: enable c) segment "WorkStation network", (segments/Bridge3): IP Settings Specify the IP parameters for "NW WorkStation": IP address: 192.168.1.96 Subnet mask: 255.255.255.224 (/27) - DHCP settings: Starting IP of the pool: 192.168.1.97 Address pool size: 30 - Gateway IP: did not specify - Use NAT: enable As a result, I get this: - crushed: IP address: 192.168.1.1 Subnet mask: 255.255.255.0 (/24) - into three parts, each segment with 30 IP addresses via Subnet mask BUT, at the same time: a) the "Home network" segment (segments/Bridge0): - works properly, both by wire and by Wi-Fi. And all other segments: - devices connect, but there is no access to the Internet. Please tell me what is the reason?

22/04/2025 Keenetic RMM New Added an event on changing the site status from “Online” to “Confirmation of rights required” [CIR-4363] Added a limit on the size of the event log export file [CIR-4357] Improved filters on Site detail page [CIR-4275] Added new design of “Reset” button [CIR-4362] Added blocking of seamless access to web interface for read-only role if OS version is less than 3.8 [CIR-4444] Fixed Fixed total items counter [CIR-4276]

A WiFi scale (probably ESP32 based) uses 2.4 GHz to sync. The problem is: the device connects successfully to the old Keenetic Ultra2, but can't connect to the modern Keenetic Challenger SE (KN-3911) with the same WiFi settings. ku_rd config fragment: interface WifiMaster0 country-code DE compatibility BGN rekey-interval 86400 up ! interface WifiMaster0/AccessPoint0 rename AccessPoint description "Wi-Fi access point" dyndns nobind mac access-list type none wps authentication wpa-psk ns3 xxxxx encryption enable encryption wpa2 ip dhcp client dns-routes ip name-servers ssid Deutschland25 wmm rrm up ! interface WifiMaster0/AccessPoint1 rename GuestWiFi dyndns nobind mac access-list type none authentication wpa-psk ns3 xxxxxx encryption enable encryption wpa2 ip dhcp client dns-routes ip name-servers ssid Umbreon rrm up ! KN-3911 config fragment: interface WifiMaster0 country-code DE compatibility BGN+AX channel width 40-below tx-burst rekey-interval 86400 beamforming explicit atf inbound vht downlink-mumimo uplink-mumimo spatial-reuse up ! interface WifiMaster0/AccessPoint0 rename AccessPoint description "Wi-Fi access point" mac access-list type none wps wps no auto-self-pin authentication wpa-psk ns3 xxxxx encryption enable encryption wpa2 ip dhcp client dns-routes ssid Deutschland25 wmm rrm up ! interface WifiMaster0/AccessPoint1 rename GuestWiFi mac access-list type none authentication wpa-psk ns3 xxxxxx encryption enable encryption wpa2 ip dhcp client dns-routes ssid Umbreon rrm up ! It looks like some new features are incompatible with old legacy wifi clients. During non-successful attempts there are the next entries-set in the log: [I] Apr 21 23:18:28 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster0/AccessPoint1": STA(d0:49:00:2f:c1:91) had associated. [I] Apr 21 23:18:28 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster0/AccessPoint1": STA(d0:49:00:2f:c1:91) MIC differs in key handshaking (msg 2 of 4-way). [I] Apr 21 23:18:32 ndm: Core::Syslog: last message repeated 4 times. [I] Apr 21 23:18:33 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster0/AccessPoint1": STA(d0:49:00:2f:c1:91) had deauthenticated by AP (reason: previous auth no longer valid). Can anyone suggest which setting add/remove to achieve compatibility?

This issue also occurs on my side. If a device leaves the network but still appears in the device list, it is usually shown as connected via 802.11a or 802.11b. Based on my observations, if the device leaves the house without manually turning off Wi-Fi—just by going out of range—it may still appear in the list. Most likely, the device fails to properly notify the router that it has disconnected from the network. A possible solution might be for the router to send periodic automatic pings to connected devices, and if no response is received after a certain number of attempts, the device can be considered offline and removed from the list.

Adding dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.4.4 To client config helped

I would love to see the Keenetic app compatible with ios 18 widgets and maybe some controls in the control center. Widgets could show connection status, devices connections or component status; controls in the control center could turn wifi on and off, apps like VPN and so on.

I'm trying to configure a VPN connection via Wireguard, I'm having problems managing the DNS server because it doesn't seem to pass through the tunnel, the thing is "solved" if the corresponding IP address is removed from the list of DNS servers for the tunnel and left in the AllowdIPs so the server exists, responds and works inside the tunnel but only giving up its function as a DNS server. I would like to understand if it is a bug or a configuration error on my part. Best regards, Massimiliano

I would like to ask for the implementation of a CLI / REST command to obtain the Do Not Disturb status for the telephone line. In this regard, I had previously requested a comparison with technical support who confirmed that at the moment the implemented commands only concern the turning on and off of the touchpad and its possible implementation.

I would like to request the possibility, during the configuration of the Wireguard VPN, to be able to see the QR code of the configuration for the Peer so as to be able to quickly add the tunnel for example mobile devices such as smartphones and tablets that appreciate this functionality, a bit like what already happens with the implementation of Wireguard on openwrt

Good morning, in the current preview version, KeeneticOS 4.3.0, and in the previous versions up to I believe 4.2.x, I no longer found the entry and commands relating to the management of DNS servers for the IKEv2 and IKEv1 VPN. I would like to ask if the disappearance is a bug or if the function has been withdrawn.

Good morning, I've recently been facing some problems with the Keenetic address book and it would be much easier for me to be able to deal with the various operations directly from the administrative graphic interface. For example, there is no way to add VCF cards directly from the dashboard nor to modify the address book settings or view it. I don't know how much the component is used among Keenetic users, in my use case it would be a truly welcome and appreciated implementation. Thank you in advance, Sincerely, Massimiliano

Hi. I create an OPVN server (with certificates) by this manuals (second topic with certificates and without ifconfig) https://help.keenetic.com/hc/en-us/articles/360000880359-OpenVPN-server-and-client https://help.keenetic.com/hc/en-us/articles/12514441230108-Configuring-OpenVPN-using-two-way-TLS-authentication Additionally in CLI I wrote ip nat OpenVPN0 And in client config in the bottom route 0.0.0.0 0.0.0.0 to pass all traffic to the server I am using OpenVPN client for ios When I use client config - the connection establishes and i can open the server (keenetic login page) But no internet at all What I have missed?

Hello, @alasedo. The data that our devices collect is listed here: https://keenetic.com/en/legal#dpn. Even if you have disabled the cloud features and service to communicate with the mobile app, there is still data transmission for the Authenticity Status Verification and the Internet Checker feature as outlined in the document. You can disable the Internet Checker, by executing the following commands: no service internet-checker system configuration save However, it is not possible to disable data transmission that is used for the authenticity verification purposes.

Hello. Most likely, no one will answer these questions for you. The company Keenetic manufactures routers for home use, not for the corporate segment. I have long been interested in turning off the transfer of confidential (technical) information and the answer was that they will not do this. Keenetic will not create a separate technical support segment for the corporate class and take into account the requests of the corporate sector. For the corporate class, it is better to look at Fortinet or Mikrotik devices.

Hello, Devices: 1 Peak DSL (KN-2510) router/modem mode. Internet connection over vdsl pppoe. Keenetic Os Version: 4.3.0 preview. 7 Speedster (KN-3010) devices as mesh mode. Keenetic Os Version: 4.3.0 preview. i seen under Keenetic OS; Web Interface / Diagnostics / Active Connections / Router PPPoE connected list and mesh devices connected list too many IP addresses connected. This IP addresses; 65.21.196.130, 78.46.134.143, 95.217.199.2, 135.181.129.158, 157.90.158.183, 168.119.198.59 and protocol/ports; TCP/80, TCP/443, UDP/40xx, UDP/56xx, UDP/9 . When I query the blocks of all these IP addresses subnet /24 on the internet, the result is ASN AS24940 Hetzner Online GmbH. The query was made via the ipinfo.io website. Since I thought these IP addresses were related to Keenetic cloud services and Keenetic mobile application, I removed the Service for mobile application and Cloud services agent modules from the component options from all devices. Also Automatic updates and Product Improvement Programme disabled in System Settings. After rebooting all devices, connections continued to be established over the same IP addresses. Then I tried blocking the same IP addresses and protocols/ports for Internet (PPPoE) and Local Segment from Keenetic Firewall but rules did not work. Same IP addresses continued to connect. I believe Keenetic devices collect sensitive data and transmit it to their servers. Since these Keenetic devices are located in a corporate company, we do not want any devices information and/or any of its connections to be transmitted to any Keenetic Cloud System, Keenetic Hosts/Servers/RMM and Keenetic Mobile App etc. I urgently request detailed technical support regarding this issue. We are concerned about system and network security. I am also leaving a screenshot of these connections. In addition, the same IP addresses connection also occurs on 7 Speedster (KN-3010) devices connected to the Peak DSL (KN-2510) router as a mesh. The same problem exists in the Keenetic Os 4.2.6.3 stable version. Thank you very much. @admin @ndm @Le ecureuil @hellonow @slomblobov Best regards.

Hi I did connect to ocserv with cisco anyconnect perfectly 2 weeks ago. Now, i can't connect with ios and android but with windos connect Please guide me

I need 5ghz for virtual head set downstairs but dsl cable is on the second floor(so must router) is there a chance this mesh system will work will I even get internet on 5ghz channel?

Release 4.3.0 (preview): Cifs: removed "CIFS" suffix from the mDNS name of the device [NDM-3648] IP: implemented deletion of routes by “route delete” command when importing from a bat-file (reported by @VVS) [NDM-3778] IPv6: implemented DNS server configuration for subnets [NDM-3702]: ipv6 subnet {name} dns-server ({address1} [address2] | disable) Web: fixed absence of buttons on the confirmation popup dialog in the Fail-safe mode (reported by @vk11) [NWI-4143] Web: fixed appearance of the "Read more" button in the list of knowledge base articles (reported by @VVS) [NWI-4137] Web: fixed Applications page loading error [NWI-4104] Web: fixed color of the separation line on the "Network Ports" tile [NWI-4145] Web: fixed excessive row height in the Client Lists table (reported by @AndreBA) [NWI-4133] Web: fixed issues caused by updating the style of control elements (reported by @dimon27254) [NWI-4140] Web: fixed issues in the mobile version of the Connection Policies page (reported by @dimon27254) [NWI-4114] Web: fixed line spacing in text annotations in the mobile version (reported by @dimon27254) [NWI-3872] Web: fixed saving of the main menu in a hidden state when closing and reopening the browser window (reported by @cheburashkaDDNS) [NWI-4120] Web: fixed selection of segments on the traffic monitor pie chart in the mobile version (reported by @dimon27254) [NWI-4079] Web: redesigned "My networks and Wi-Fi" tile on the dashboard [NWI-4071] Wi-Fi: fixed transfer of multicast and broadcast traffic when client isolation is enabled on mt7981-based devices [SYS-1329]

Resolved.