All Activity

I added "ip nat Chilli0" to my config on Keenetic router. Then the issue is resolved. I don't understand. Why is this needed ? Shouldn't it be enabled by default ? Also , if I don't add Firewall rule "tcp allow any" to the Guest interface, the user can not get to the UAM server login page. Why ?

Hello, I'm trying to implement a captive portal on a Keenetic router in the guest network. My UAM and RADIUS servers are ready. I've entered the necessary parameters into the captive portal's "my profile" section as follows: UAM_Server: http://192.168.1.40:3990/login UAM_Secret: secret_2024 Radius Server: 192.168.1.40 Radius Secret: radius_secret RADIUS NAS ID: keenetic I'm trying to access it from an Android phone. When I connect to the Guest page, I'm redirected to the login page. There, I only authenticate by clicking the "accept" button. And I see "success" in the logs. 10.1.30.6 - - [21/Feb/2026 23:59:47] "GET /login?res=notyet&uamip=10.1.30.1&uamport=3990&challenge=e2fa752793a8de730eb4daebd27f5992&called=52-FF-20-F8-5D-78&mac=B2-D0-DC-7D-9C-B4&ip=10.1.30.6&nasid=keenetic&sessionid=177171836000000005&userurl=http://play.googleapis.com/generate_204&md=23DA19D9D824E0D449FBFA23DD88F63F HTTP/1.1" 200 - 10.1.30.6 - - [21/Feb/2026 23:59:47] "GET /favicon.ico HTTP/1.1" 404 - 10.1.30.6 - - [21/Feb/2026 23:59:48] "POST /accept HTTP/1.1" 302 - 10.1.30.6 - - [21/Feb/2026 23:59:48] "GET /login?res=success&uamip=10.1.30.1&uamport=3990&called=52-FF-20-F8-5D-78&uid=B2-D0-DC-7D-9C-B4&timeleft=300&mac=B2-D0-DC-7D-9C-B4&ip=10.1.30.6&reply=Welcome&nasid=keenetic&sessionid=177171836000000005&userurl=http://play.googleapis.com/generate_204&md=E50C1463B84B2838B5FF3801A094F6C3 HTTP/1.1" 200 - Then, when I check the router's CLI, I see that the client is connected and packets are being passed through: (config)> show interface Chilli0 chilli host: session-id: 177174301100000003 user: CC-F8-26-D5-00-96 ip: 10.1.30.20 mac: cc:f8:26:d5:00:96 start-time: 178 end-time: 300 idle-time: 0 idle-time-limit: 0 tx-bytes: 37575 tx-bytes-limit: 0 rx-bytes: 19874 rx-bytes-limit: 0 tx-speed: 0 tx-speed-limit: 0 rx-speed: 0 rx-speed-limit: 0 It's receiving the IP address 10.1.30.20. However, the Android client still doesn't see itself as connected and can't access web pages. The "Sign in to the network" warning persists. When I ping 10.1.30.20 from the router: PING 10.1.30.20 (10.1.30.20): 56 data bytes 64 bytes from 10.1.30.20: seq=0 ttl=64 time=79.626 ms 64 bytes from 10.1.30.20: seq=0 ttl=64 time=79.683 ms (DUP!) 64 bytes from 10.1.30.20: seq=1 ttl=64 time=29.208 ms 64 bytes from 10.1.30.20: seq=1 ttl=64 time=29.251 ms (DUP!) 64 bytes from 10.1.30.20: seq=2 ttl=64 time=51.577 ms 64 bytes from 10.1.30.20: seq=2 ttl=64 time=51.641 ms (DUP!) If I close the captive portal and access the site normally as a guest, I get the same IP address (10.1.30.20) and the ping result is correct: PING 10.1.30.20 (10.1.30.20): 56 data bytes 64 bytes from 10.1.30.20: seq=6 ttl=64 time=1135.330 ms 64 bytes from 10.1.30.20: seq=7 ttl=64 time=135.173 ms 64 bytes from 10.1.30.20: seq=8 ttl=64 time=10.261 ms 64 bytes from 10.1.30.20: seq=9 ttl=64 time=5.695 ms 64 bytes from 10.1.30.20: seq=10 ttl=64 time=3.116 ms When I look at the interfaces for the captive portal and the normal guest via the router, I see a difference: When there is no captive portal, the interface name appears as Guest and "link: up". When there is a captive portal, the interface name appears as Chilli0 and "link: down". (config)> show interface Chilli0 id: Chilli0 index: 0 interface-name: Chilli0 type: Chilli description: Guest network traits: Ip traits: Chilli link: down connected: yes state: up mtu: 1500 tx-queue-length: 1000 admin-only: no address: 10.1.30.1 mask: 255.255.255.0 uptime: 35 global: no security-level: protected bridge: interface, link = yes: GigabitEthernet0/Vlan3 interface, link = yes: WifiMaster0/AccessPoint1 interface, link = yes: WifiMaster1/AccessPoint1 uam-auth: 192.168.1.40:3990 max-auth: 1 summary: layer: conf: running ipv4: running ctrl: running (config)> show interface Guest id: Bridge1 index: 1 interface-name: Guest type: Bridge description: Guest network traits: Mac traits: Ethernet traits: Ip traits: Ip6 traits: Supplicant traits: EthernetIp traits: Bridge link: up connected: yes state: up mtu: 1500 tx-queue-length: 0 admin-only: no address: 10.1.30.1 mask: 255.255.255.0 uptime: 421 global: no security-level: protected ipv6: addresses: address: fe80::50ff:20ff:fef8:5d78 prefix-length: 64 proto: KERNEL valid-lifetime: infinite mac: 52:ff:20:f8:5d:78 auth-type: none bridge: interface, link = yes: GigabitEthernet0/Vlan3 interface, link = yes: WifiMaster0/AccessPoint1 interface, link = yes: WifiMaster1/AccessPoint1 summary: layer: conf: running link: running ipv4: disabled ipv6: disabled ctrl: running (config)> Because of this difference, the client connecting through the captive portal cannot access the site. Where is the problem? How can I fix it?

Release 5.1 Alpha 2 Hotspot: implemented commands to turn off the SSDP and WS-Discovery network host discovery methods [NDM-4283] interface {name} ssdp disable interface {name} wsd disable LTE: implemented a timeout mechanism to switch back to the primary SIM on the dual-SIM modem [NDM-4129] interface {name} suspend timeout {seconds} interface {name} suspend schedule {schedule} MWS: fixed the issue with the connection display for wired client devices [NDM-4282] Web: implemented turning off the modem power cycle for custom Internet availability checker modes [NWI-4629] Web: fixed the sorting mode icon display in content filter settings (reported by @dimon27254) [NWI-4671] Web: fixed the tooltip display in proxy connections list (reported by @spatiumstas) [NWI-4670] Web: improved the line wrapping for the mobile view of the system log (reported by @spatiumstas) [NWI-4680] Wi-Fi: resolved the issue of the channel width decreasing below 80 MHz when the Adjustment ZeroWait DFS is active [SYS-1544] Wi-Fi: eliminated security vulnerabilities [SYS-1542] CVE-2014-3570 CVE-2022-4304

after updating 5.0.6 to 5.1 alpha 1 media server doesn't work - it shown in interface as ON, and configured - doesn't show up on network player - doesn't show up in logs (there's no `Dlna::Server: service started.` message) - reinstalling component doesn't help - downgrading to 5.0.6 helps context: router has "recommended" components installed + dlna, transmission, ftp, smb, DoH, DoT, ext4 (no opkg)

The main thing is that everyone is silent, no one who is knowledgeable will write an explanation. It seems that the developers only read the Russian forum.

there is ssl issues, it seems.

+1

Release 5.1 Alpha 1 Dns: implemented basic access authentication (RFC 7617) for DNS-over-HTTPS (DoH) server URIs [NDM-4168] IPv6: implemented IPv6 access lists [NDM-4130] ipv6 access-list {acl} ipv6 access-list {acl} (permit | deny) ((tcp | udp) ({source} | (host {source}) | any) [port (((lt | gt | eq) {source-port}) | (range {source-port} {source-end-port}))] ({destination} | (host {destination}) | any) [port (((lt | gt | eq) {destination-port}) | (range {destination-port} {destination-end-port}))]) | ((((ipv6 | esp | ahp | pcp | sctp)) | {protocol}) ({source} | (host {source}) | any) ({destination} | (host {destination}) | any)) | (icmp ({source} | (host {source}) | any) ({destination} | (host {destination}) | any) [(icmp-message | ({icmp-type} [{icmp-code}]))]) ipv6 access-list {acl} rule {index} (disable | (schedule {schedule}) | (order {new-index}) | (description {description})) ipv6 access-list {acl} auto-delete KeenDNS: fixed updating static DNS records after switching the service from cloud to direct mode [NDM-4255] Storage: implemented tools to check and format the file system [NDM-4239] media {name} partition {partition} check media {name} partition {partition} format {type} Web: added IPv6 rule configuration to firewall [NWI-4614] Web: dedicated a page for configuring storage devices and USB devices [NWI-4583] Web: fixed editing of DNS-based routing rules (reported by @dchusovitin) [NWI-4622] Web: implemented reordering of DNS-based routing rules [NWI-4659] Wi-Fi: fixed the cause of Wi-Fi clients dropping from 80 MHz channel width when the Adjustment ZeroWait DFS was triggered [SYS-1544] ZeroTier: implemented an option to connect to custom networks that use private root servers (moons) [NDM-4236] interface {name} zerotier orbit {world-id} {moon-id}

it seems issue has been resolved. i can now access my keendns addresses.

I checked and as of now, Keendns is working again. Hopefully it won't stop working again.

Hello everyone. A few days ago, when switching to the router's web interface, errors started appearing. Sometimes there is an error "no connection", sometimes there is a "DNS_PROBE_FINISHED_NXDOMAIN" error. I tried from different locations from different PCs.

The same problem today

The KeenDNS connection problem started after updating the modem to version 5.0.4. There were intermittent disconnections and drops, and finally, the problem of not being able to access KeenDNS at all. Is this a new update or a different issue? When I click on KeenDNS via the mobile application, I get the same error: "This site cannot be reached. Please check if there are any errors in my writing."

problem still persist

I have the same problem and it still persists. What is the problem?

5.1 is an experimental branch, see also changelog 5.0. Supported models: Giga (KN-1010) Hero (KN-1011, KN-1012) Start/Starter (KN-1111, KN-1112, KN-1121) Air/Explorer (KN-1613, KN-1621) Extra/Carrier (KN-1711, KN-1713, KN-1714, KN-1721) Ultra/Titan (KN-1810, KN-1811, KN-1812) Viva/Skipper (KN-1910, KN-1912, KN-1913) Omni DSL (KN-2011, KN-2012) Extra DSL/Carrier DSL/Skipper/Speedster DSL (KN-2111, KN-2112, KN-2113) Runner 4G (KN-2210, KN-2211, KN-2212, KN-2213) Hero 4G (KN-2310, KN-2311) Hopper 4G+ (KN-2312) Hero DSL (KN-2410) Peak DSL (KN-2510) Giant (KN-2610) Peak (KN-2710) Orbiter Pro (KN-2810) Skipper 4G (KN-2910) Speedster 4G (KN-2911) Speedster (KN-3010, KN-3012, KN-3013) Buddy 4 (KN-3210, KN-3211) Buddy 5 (KN-3310, KN-3311) Buddy 5S (KN-3410) Buddy 6 (KN-3411) Voyager Pro (KN-3510) Hopper DSL (KN-3610, KN-3611) Sprinter (KN-3710, KN-3711) Sprinter SE (KN-3712) Hopper (KN-3810, KN-3811) Hopper SE (KN-3812) Challenger (KN-3910) Challenger SE (KN-3911) Racer (KN-4010) Buddy 6 SE (KN-4410) Explorer 4G (KN-4910) Orbiter 6 (KAP-630)

Ok Thanks

Release 5.0.6 (preview): Ethernet: restored the cable diagnostics functionality for 2.5 Gbit/s ports [SYS-1529] HTTP: eliminated CVE-2026-1642 security vulnerability in the HTTP proxy service [NDM-4267] KeenDNS: fixed the inaccessibility of domain name to clients on the home network after switching the service from cloud to direct mode [NDM-4255] LTE: fixed the mobile data packet loss when polling the SMS subsystem of the built-in modem [NDM-4244] LTE: fixed the improper dual-SIM slot switching operation with the ping-check enabled (reported by @Ста По) [NDM-4237] MWS: fixed the cause of the 'response is too big' error message logged by the Wi-Fi System controller [NDM-4250] MWS: improved the Wi-fi System extender discovery to employ both L2 (LLDP) and L3 (multicast WS-Discovery) protocols and support specific configurations of managed Ethernet switches [NDM-4220] Web: fixed the radio button operation for selecting the Wi-Fi bands in the client settings (reported by @dimon27254) [NWI-4630] Web: corrected the display of wired clients connecting through Wi-Fi System extenders (reported by @Gonzik) [NWI-4667] Web: fixed the Wi-Fi System transition log filtering by client names that contain spaces (reported by @dimon27254) [NWI-4616] Wi-Fi: fixed the cause of Wi-Fi clients dropping from 80 MHz channel width when the Adjustment ZeroWait DFS was triggered [SYS-1544] Wi-Fi: resolved rejection of Wi-Fi clients trying to associate with 'IE_SUPP_CHANNELS' request element exceeding 64 bytes [SYS-1539]

I’ve been using KeenDNS for years without any problems. However, for the past few hours, I haven’t been able to access my router via my KeenDNS domain. Is anyone else experiencing the same issue today?

In the Command Reference Guide, you can read about call filtering features implemented in KeeneticOS. Pay attention to the commands specified below. nvox sip blacklist nvox sip whitelist nvox phonebook import nvox sip enable-blacklist nvox sip enable-whitelist nvox sip enable-whitelist-phonebook show nvox blacklist show nvox whitelist show nvox phonebook show nvox sip-lines

It would be good to have blocklists like we do with DNS filtering.

Strange is that manual on web have no any information about untagged (native) VLAN, but it works when VLAN ID is left empty. Probably this "function" is good also to add to the manual.

Good day! I'm using Keenetic Viva (KN-1910) and have a configured Wireguard tunnel between two Keenetic routers (the second one is a Keenetic Ultra (KN-1810)). After update the Keenetic Viva to 5.0.4, I can't connect to local devices on the side of Keenetic Ultra, but the Wireguar connection looks ok in the web ui (green and has a connected status on both sides). When I downgrade firmware of Keenetic Viva to 4.3.6.3 - everything works perfect again. There is no difference of Keenetic Ultra's firmware - tested on 4.3.6.3 and 5.0.4. Could you check what is going wrong with 5.0.4? I'm ready to provide any logs you need. Thanks in advance!

Thanks😊

Hello @simone bravo, this is the expected behavior. Your device checks for radars that may be working on frequencies overlapping with the 5 GHz Wi-Fi. This article has more details: https://support.keenetic.com/hero/kn-1012/en/43659-dfs.html