All Activity

Hi, I have a KN-2410 and I keep having problems where I can't see any Wi-Fi settings or clients in the web interface. I have to restart it every time for it to work again. I've attached the logs. I'm using version 5.1 Beta 3, but this error also occurs with other versions. I also have the problem that when my mesh nodes are assigned static IPs, they no longer communicate properly with each other. log.txt

Release 5.1 Beta 3 (preview) Ethernet: resolved an issue in the Ethernet switch that affected the handling of 802.1Q frames with VLAN ID 0 [SYS-1785] Mobile: added support for the newer 6-digit mobile network operator PLMN identifiers [NWI-4838] Web: resolved an issue with the Firewall Rule editor (reported by @spatiumstas) [NWI-4835] Web: resolved the issue with WISP connections to networks that have special characters in their names [NWI-4836]

I solved my IPv6 and DNS problem. The problem: I didn't have IPv6 before, I used Adguard Home on a mini-PC for IPv4, and everything worked. After setting up to receive (dynamic) IPv6 from the provider, I found that the devices that run on IPv6 stopped accessing AdGuard Home. These devices accessed the router's DNS, and the router used some kind of global DNS (possibly the provider's DNS) instead of my Adguard Home. Solution: The devices generate Link-Local (fe80::) addresses for themselves. But the UI does not allow you to specify such an address as an IPv6 DNS address (I suppose there are reasons for this). But the UI allows you to specify a ULA (Unique Local Address (fd**::)) IPv6. Currently, by default, Keenetic does not enable the distribution of ULA addresses to devices. To enable this, run the command (on the <router address>/a or <router address>/ControlPanel/cli page) : OR to assign a random ULA IPv6 prefix: ipv6 local-prefix default OR to assign a specific ULA IPv6 prefix: ipv6 local-prefix fd00:caba::/48 (I found the commands here) Don't forget to save the changes: system configuration save Find the IPv6 address on the device (mini-pc/Raspberry), (for example, using ifconfig) and enter this IP in: My Networks and Wi-Fi → Home segment → DNS IPv6 server 1 After that, devices on the local network will receive IPv6 DNS belonging to the device with AdGuard Home and send DNS requests directly to it.

18/05/2026 Telegram Notifications Restored The technical issue has been resolved. Telegram notifications about sites and nodes changing to Online, Warning, and Offline statuses have been re-enabled and are now operating normally. Thank you for your understanding.

RMM is always in beta, it's slow, RMM is not available as a self-hosted instance on my private cloud. Access to the GUI is done through the Keenetic proxy service external of my infrastrucure. This type of usage is not desired. I will explore others solutions for access GUI.

I use RMM for that. You can connect all the routers via VPN and access them all at once from one location.

"The connection is through keendns, through the priority provider, and in case of its disconnection, it automatically goes through the backup one." Ok, now it's more clear, but on my scenario, I need to access via GUI to all WAN and manage the device. This is all.

Do you use all 3 internets at the same time in load balancing mode or as a backup? I have 2 providers, it works in the main and secondary connect (back-up mode), with a public IP. The connection is through keendns, through the priority provider, and in case of its disconnection, it automatically goes through the backup one.

I agree with you that this type of access via IP and HTTP can be insecure. However, in complex deployments (for example, 3 WAN connections with 3 static public IPs), we need the ability to access the device through any of those connections. Using Keenetic KeenDNS works well in environments with a limited number of installed routers. But how does KeenDNS handle a scenario with 3 WANs and 3 public IPs? FQDN associated to on of 3 IPs... The requirement is to have selective access and full control of the device depending on the active WAN or reachable public IP. In addition, for each router it is necessary to generate a dedicated KeenDNS FQDN and maintain a complete inventory. Now imagine managing 100 routers, each with 2 or 3 public IP addresses. My interest is to access the GUI directly via IP address, preferably using HTTPS. Now via HTTP and IP work fine.

And if you want not the setting as it is currently implemented (ie to use direct mode KeenDNS name, which at moment works on a system primary connection, be noted - backup connections won't get pointed to until become primary), but actually post a feature request (as per forum section), then there's little chance it is automated. System would have to store certificate issued for IP address (not domain name), which is uncommon and also not secure. sorry I'm not telling more, as simple AI question reveals a bunch of 'why's it is not recommended even from a user point of view. In a case this address is dynamic, for one, router will have to request new certificate and revoke the old one each time the change happens, This is definitely not what your CA provider expects. And if you suddenly get the CG-NAT you instantly lose access (which wouldn't be a problem with KeenDNS solution, as it can automatically fall back to cloud base). I simply had a thought as there was an example above, where protocol is https and address is actually the IPv4 number. this is not how it works, usually Please confirm if you want specifically access via HTTPS protocol using cleartext IP of your router, and if that is the case, then any details you can share may be of help.

If you want to access over your public IPs, though, there's no need to set up anything apart from opening the HTTP access on the Management - Users & Access - Inbound Management Access: apply HTTP + HTTPS. mind that this will not be secure, as you'll be using plain http to open website by its IP address. not recommended in WAN scenario. recommended practice is to use KeenDNS - it has Direct mode where your traffic goes via your IP directly, not using cloud bounce all this is in KB by the way, try support section on the Keenetic website

Release 5.1 Beta 2 (preview) Mobile: enabled the display of signal level, band, downlink and uplink frequency, BSSID, TAC/LAC, and PCI/PSC data, where available during mobile network scans with Hero 5G (KN-4110) devices [NWI-4800] MWS: added support for mobile network scanning with embedded 5G/4G modems on Wi-Fi System Extenders [NWI-4802] MWS: enabled the display of connection details for client devices connected to Wi-Fi System Extenders via Ethernet [NDM-4429] Web: adjusted the height of the list on the Application Traffic Analyser page (reported by @dimon27254) [NWI-4819] Web: resolved the issue that occurred when changing the network port speed on the System Settings page [NWI-4833] Web: updated the Wi-Fi Network Settings editor window to resolve the issue when configuring the WPA Enterprise protection [NWI-4806] Web: fixed the display of the current time in the schedule editor [NWI-4815] Web: resolved the scrolling issue for the mobile view of the Application Traffic Analyser page [NWI-4816] Web: fixed the display of transmitted traffic statistics for unregistered clients on the Client Lists page (reported by @x13) [NWI-4834] Web: fixed the Download Station application operation [NWI-4826] Web: fixed several issues with the Wi-Fi settings (reported by @spatiumstas, @keenet07) [NWI-4813] Web: adjusted the contrast of table elements to improve readability (requested by @spatiumstas) [NWI-4805] Web: removed the unnecessary 'Delete' button from the WireGuard VPN Server connection statistics window in mobile view [NWI-4809] Web: updated the Traffic Monitor card on the Dashboard page for better performance in mobile view [NWI-4779] Wi-Fi: updated the MediaTek Wi-Fi 7 SoC firmware and wireless driver to improve stability, compatibility, and performance in various Wi-Fi operation scenarios [SYS-1772] WireGuard: fixed the issue with multiple connections operation after a device restart (reported by @tkost, @Robespierre) [NDM-4418]

Device: Keenetic Ultra (NC-1812), hw_version 1218C000 Firmware: KeeneticOS 5.01.B.1.0-0 (5.1 Beta 1, preview channel, built Apr 18 2026) Chipset: MT7992-BE7200 (WiFi 7), SKU: #5.MT7992-BE7200-7975-7977 Resolved by: Downgrade to KeeneticOS 5.0 stable (main channel) Problem WiFi became completely unstable — both 2.4 GHz and 5 GHz bands affected simultaneously. Wired Ethernet worked perfectly throughout. The problem persisted across router reboots and WiFi radio restarts (interface WifiMaster0/1 down/up). Symptoms Wireless clients unable to auto-connect — must toggle WiFi off/on on the client device When connected, connection drops after seconds to minutes Drops are distance-dependent (worse at range) but also occur within 1 meter of the router After drop, clients get stuck in "zombie state" — they think they're connected but the router has already deauthenticated them Affects all client types: iPhones (iOS 18), iPads, Android (Galaxy S20 FE, Redmi A7 Pro), Huawei tablet, Denon AVR, Yandex Station, IoT sensors ~15 WiFi clients on the network Log evidence (from self-test and syslog) PTK 4-way handshake timeouts (router sends msg 1, client never responds): May 8 11:26:31 WifiMaster1/AccessPoint0: STA(ba:c3:32:22:e6:9e) pairwise key handshaking timeout (msg 1 of 4-way) May 10 19:36:31 WifiMaster0/AccessPoint0: STA(c4:82:e1:21:34:af) pairwise key handshaking timeout (msg 1 of 4-way) MIC corruption during key exchange: May 8 11:29:14 WifiMaster0/AccessPoint0: STA(1e:9f:6c:f6:d2:31) MIC differs in key handshaking May 8 12:45:19 — same device, repeated May 8 13:27:35 — same device, repeated Group key handshake timeout: May 9 12:00:14 WifiMaster1/AccessPoint0: STA(1e:9f:6c:f6:d2:31) group key handshaking timeout RSN IE failure: May 10 19:36:21 WifiMaster1/AccessPoint0: STA(1e:9f:6c:f6:d2:31) RSN IE sanity check failure (status code: 43) Mass simultaneous disconnection — all clients on both bands at once: May 10 19:42:57 WifiMaster0/AccessPoint0: STA(c4:82:e1:21:34:af) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster0/AccessPoint0: STA(00:06:78:4d:b7:9e) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster0/AccessPoint0: STA(82:a3:78:3d:23:24) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster0/AccessPoint0: STA(d4:12:43:ae:ef:62) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster1/AccessPoint0: STA(b2:92:d9:13:a9:53) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster1/AccessPoint0: STA(8c:c8:4b:a5:5f:db) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster1/AccessPoint0: STA(92:7a:20:d3:34:b1) disassociated by AP (reason: due to inactivity) May 10 19:42:57 WifiMaster1/AccessPoint0: STA(82:fe:44:93:b9:91) disassociated by AP (reason: due to inactivity) Constant "retransmits limit reached" for multiple devices across all 3 days. What was ruled out RF interference: Channel scan shows <10% load on both bands, minimal neighbor networks Neighbor issues: Adjacent apartments report no WiFi problems Channel selection: Tested manual channels (ch 11 on 2.4 GHz, ch 36/80 MHz on 5 GHz) — no improvement Band steering: Disabled via CLI — no improvement WPA3/FT: Disabled both — no improvement Radio restart: interface WifiMaster0/1 down/up — no improvement Router reboot: Full power cycle — no improvement Hardware failure: No kernel panics, watchdog resets, thermal warnings, or PHY errors in logs Configuration at time of issue SSID: same on both bands (band-steering enabled) Security: WPA2 + WPA3 (SAE), PMF, Fast Transition (802.11r) 2.4 GHz: auto channel, 20/40 MHz, BGN+AX+BE 5 GHz: auto channel, up to 160 MHz, AN+AC+AX+BE WireGuard VPN active USB storage (Seagate 2TB NTFS) attached Resolution Switching from preview channel (5.1 Beta 1) to main channel (5.0 stable) immediately resolved all WiFi issues. No configuration changes were needed — same settings work perfectly on 5.0. Self-test diagnostic files from during the issue are available on request.

yes, https work with fqdn, you must obtain this certificate with ip http ssl acme get mydomain.xxxxx, use other ddns server for this (you must have A dns record for this mydomain.xxxxx linked with you public ip)

I think it's better to go in and read the router logs first.

So you think all we need to do is reset the settings on the second switch and everything will work?

So where are you at with the DNS-Based Routes for custom policies? I see no mentions in the latest release notes.

Most likely the main kinetic is resetting the network. The Internet should appear after connecting.

04/05/2026 New Added event grouping in Telegram messages: if more than 10 events occur within one minute, they are combined into a single message Added display of additional connection parameters on the Sites Detail page Updated the design of buttons and filters Updated the design of elements on the Sites and Nodes pages Added a "Blocked" status for linked Telegram accounts if the supergroup thread has been closed to new posts by the administrator Fixed Fixed behaviour when copying an invitation link to a team Fixed the model count counter in the chart on the Dashboard page Fixed the display of client names on the traffic distribution chart Fixed the display of rows in the Nodes and Sites tables when running OS Update and Reboot operations Fixed the display of pinned rows and columns in tables Fixed the display of the icon for an inactive mobile connection

Hi everyone, I need help connecting two switches. I have a Challenger SE router and two KN-4710 switches that I want to connect. When I connect the first switch to the router, everything works fine—the internet is up and running—but as soon as I connect the second switch to the first one, the internet stops working. Can you tell me what might be causing this? There’s definitely no looping.

The only way it's enable GUI on HTTP port and add Firewall rules to permit only desired IP an block all others IPs. HTTPS work only whit FQDN and Certificate. Not whit IP.

Then try to grant access from external IPs to the desired one on the interface in the firewall

The Keen DNS, it's ok, but not for my installations. I need access via IP, on all Public IP of all Interfaces.

Register the YourName.keendns.pro in the Keen DNS. Connect to the web interface using the specified name (YourName.keendns.pro). The main thing is to set a strong password.

Update Via CLI interface Dummy0 (to create Dummy0 interface and after add IP address x.x.x.x) ip static Home x.x.x.x (to NAT Home Segment using Source x.x.x.x)