All Activity

That unfortunately is not possible. If you mark certain components to be added, while adding them the device will update firmware to the latest 4.3.x firmware. That probably means that your device was produced for the EAEU region. While you wait for the support team to respond, you can ask around on https://forum.keenetic.ru: somebody there may have the 4.3.7 firmware for your device with all the components you need.

Thank you @eralde . Can I install the firmware from https://osvault.keenetic.net/KN-1511/4.03/ and then go to my router and add needed modules? Or is it only mentioned components in the txt and that is it, no way to add others later? I create ticket with keenetic.com, but they redirected me to keenetic.ru. The keenetic.ru haven't responded to me yet. That is why I came here.

Hello @Chiz you can check out firmware files available here: https://osvault.keenetic.net/KN-1511/4.03/ Please note, that the list of components in the files available there may be different from what you need. I suggest checking out corresponding txt file before uploading the firmware to your router. A better solution is to create a ticket with our technical support: https://keenetic.com/en/company/support

After updating Keenetic City to 4.3.8 WireGuard and IKEv2 connections stopped connecting. They worked on 4.3.7. The connections were tested from apps - connecting. I have never had problems with stable versions of firmware. This is the first time. I don't have the backup of the 4.3.7. Can someone share the 4.3.7 version of firmware for the Keenetic City KN-1511?

Hello Keenetic team and community, I understand that KeeneticOS uses CAKE-based AQM/SQM, and that NFQ is used for shaping at higher speeds while CAKE is used at lower rates. What I would like to understand better is which CAKE/SQM-related mechanisms are actually active internally, and how they are implemented. Could someone from the Keenetic team or experienced users confirm whether the following mechanisms are active in the current IntelliQoS/SQM/NFQ implementation? A simple yes/no or short explanation for each item would be very helpful. NAT-aware host fairness Can SQM fairly separate LAN devices behind NAT? ACK filtering Is TCP ACK filtering, or any similar ACK optimization, used? WAN overhead compensation Does SQM account for PPPoE, VLAN, DSL, cable or Ethernet overhead while shaping? Download-side SQM / IFB Is download shaping done with an ingress / IFB-like mechanism, or with another Keenetic-specific method? Packet marking / priority mapping After IntelliQoS classifies traffic, are packets marked with DSCP/802.1p, or are they only mapped internally to priority queues? How are CAKE features limited or simplified in NFQ to ensure fast loading speeds? Does IntelliQoS / NFQ protect small latency-sensitive UDP flows under heavy load independently of application recognition, at the SQM/queueing level or through Keenetic’s own scheduler? My goal is not to criticize IntelliQoS. I am trying to understand how close the current implementation is to typical OpenWrt SQM-CAKE behavior in areas such as host fairness, overhead compensation, ACK filtering and download-side shaping. Any explanation from moderators, developers or experienced users would be appreciated. Thank you.

Hello Keenetic team, I would like to request a more transparent and more flexible SQM option inside IntelliQoS. I understand that IntelliQoS already provides application classification, traffic prioritization and CAKE-based SQM/AQM behavior. However, some users may prefer an OpenWrt like CAKE-only SQM mode that focuses mainly on queue control, fairness and bufferbloat reduction, without depending on application classification or an NFQ/classification-based traffic path. My request is not to remove IntelliQoS. Instead, please consider adding an optional mode such as: IntelliQoS automatic mode; IntelliQoS with application prioritization; CAKE-only SQM mode. The CAKE-only mode would be useful for users who want predictable latency control even when traffic is encrypted, unknown, mixed, VPN-based, or not classified correctly. In many real home networks, perfect application recognition is difficult. It would also be useful to document or expose which CAKE/SQM mechanisms are active, such as: device/host fairness; flow fairness; DiffServ behavior, including modes similar to besteffort, diffserv3 or diffserv4; NAT awareness; ACK filtering; WAN overhead compensation for PPPoE, VLAN, DSL, cable and Ethernet; download-side SQM using ingress shaping / IFB-like behavior; whether SQM is active on upload, download or both. The main practical benefit would be a choice between two approaches: IntelliQoS mode: application-aware prioritization and automatic classification. CAKE-only SQM mode: advanced, more deterministic queue management focused on fairness and stable loaded latency. This would make KeeneticOS more attractive to advanced users who currently prefer OpenWrt SQM-CAKE for predictable bufferbloat control, host fairness and transparent CAKE behavior. Thank you for considering this request.

Today I switched from KeeneticOS version 5.0.12 to version 5.1 Beta 4 (Developer Channel) I noticed that when copying via rclone, I get an error: Attempt 1 Attempt 2 (I previously deleted all the files on the router's hard disk) I'm connecting via FTP protocol Copying is done from a device on the local network to Keenetic (the hard disk is connected to the router via USB) On 5.0.12, the same task worked, after upgrading to 5.1 Beta 4, it breaks stably. The hard disk file system is exFAT rclone version:

Release 4.3.8 LTS (preview, stable)*: Core: fixed a memory leak in the API parsers for IPv6 addresses and prefixes [NDM-4376] HTTP: addressed the CVE-2026-28753 security vulnerability in the web interface service [NDM-4368] HTTP: disabled HTTP/2 support to mitigate security vulnerabilities, including CVE-2026-49975, related to an HPACK out-of-memory (OOM) attack [NDM-4499] MWS: fixed the 'the controller DPN document is not accepted' error that occurred when acquiring an extender under certain conditions [NDM-4452] OpenSSL: library upgraded to 3.5.6/3.0.20 to address multiple security vulnerabilities [NDM-4402] CVE-2026-28386 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790 SSH: fixed an issue that could prevent the session timeout from being applied correctly [NDM-4406] Wi-Fi: fixed a potential crash and memory leak that could occur when connecting to a Wi-Fi 7 network using WPA3-SAE after changing the wireless settings [SYS-1749] Wi-Fi: fixed the 2.4 GHz channel width display on models using MT7628 or MT7603 [SYS-1755] WireGuard: fixed the issue with multiple connections operation after a device restart (reported by @tkost, @Robespierre) [NDM-4418] * publication scope: KN-1111, KN-1211, KN-1212, KN-1311, KN-1511, KN-1611, KN-1711, KN-2210, KN-3010

Release 5.0.12 (stable): Ethernet: resolved an issue in the Ethernet switch that affected the handling of 802.1Q frames with VLAN ID 0 [SYS-1785] HTTP: disabled HTTP/2 support to mitigate security vulnerabilities, including CVE-2026-49975, related to an HPACK out-of-memory (OOM) attack [NDM-4499] IP: improved the handling of non-exclusive FQDN-based routes when the destination interface is unavailable [NDM-4358] IPv6: fixed the 'ip policy no ipv6 route' command operation [NDM-4467] Mobile: added support for the six-digit PLMN mobile network operator identifier format in the command-line interface [SYS-1773] MWS: fixed the 'the controller DPN document is not accepted' error that occurred when acquiring an extender under certain conditions [NDM-4452] Web: resolved an issue that caused the wrong number of copies to be printed when users printed wireless network information from the mobile view (reported by @dimon27254) [NWI-4858]

-Translate: mws zone [MAC] [CID] When the command is used, all Wi-Fi clients on the mesh network disconnect and reconnect after a few seconds. Could you design it so that this command can run live without any on/off switching?

It’s normal because the backhaul connection is still functioning - https://support.keenetic.com/titan/kn-1812/en/15237-what-hidden-wi-fi-networks-does-the-router-broadcast-.html

Hi everyone, I have a Keenetic Titan KN 1812 and I've configured a schedule to automatically turn off the Wi-Fi during the night. The schedule works perfectly and the Wi-Fi actually turns off as expected. However, I noticed that the Wi-Fi LED on the router stays illuminated even when the wireless networks are disabled. Is this the normal/intended behavior for this model, or should the LED turn off together with the Wi-Fi? For reference, I am running the 5.0.11 version of KeeneticOS. Thanks in advance for your help!

Hi! Setup:Keenetic Titan (KN-1811), KeeneticOS 5.0.11, segments Main and IoT. I have the same issue. Tried : Relay multicast DNS enabled on both segments, firewall rules allowing UDP 5353 from IoT to any. Verified with `avahi-browse -at` from a Linux machine on Main — smart plugs (Shelly) devices on IoT never appear. Did anyone find a working solution purely within Keenetic's config?

Titan 1812 firmware version 5.0.11. Periodically, the router reboots a couple of times a day. There are Imou cameras on the network. Could that be the reason?

Release 5.1 Beta 4 (preview) MWS: fixed the 'the controller DPN document is not accepted' error that occurred when acquiring an extender under certain conditions [NDM-4452] Web: sorted the client list alphabetically when adding a custom view to the Traffic Monitor page (requested by @dimon27254) [NWI-4827] WireGuard: fixed the 'invalid I1 value' error that occured when importing certain configurations [NDM-4472]

In current KeeneticOS version 5.0.11, every time a "Read only" user logs in, a notification shows up in the lower right corner saying "The current user doesn't have permission to change device settings.". This (unnecessary) notification is exactly in the position where it hides the logout button, so the notification has to be dismissed just to be able to log out. Please either allow the notification to be dismissed permanently, or at least move it to a place where logging out is possible without dismissing it.

Hello, Adding another data point to the known PTK handshake issues on NC-1812. Environment: - Device: NC-1812 (Netcraze Ultra), chipset MT7992-BE7200 - Firmware: KeeneticOS 5.0.11 (stable, main channel) - Service tag: [fill in 15-digit code from device label] - Client: MacBook Pro M4 Max, macOS Tahoe 26.5 Symptom: The Mac cannot reliably connect to the 5GHz SSID (WifiMaster1). SAE key exchange completes, association succeeds, but the 4-way handshake fails at message 1 of 4. AP deauthenticates the client after a 5-second timeout. Router log (characteristic sequence): [I] WifiMaster1/AccessPoint0: STA(xx:xx:xx:xx:xx:xx) SAE key exchange done, PWE method: H2E. [I] WifiMaster1/AccessPoint0: STA(xx:xx:xx:xx:xx:xx) had associated (has FT caps). [I] WifiMaster1/AccessPoint0: STA(xx:xx:xx:xx:xx:xx) pairwise key handshaking timeout (msg 1 of 4-way). [I] WifiMaster1/AccessPoint0: STA(xx:xx:xx:xx:xx:xx) had deauthenticated by AP (reason: PTK 4-way handshake timeout). Key observations: 1. The issue occurs ONLY on the 5GHz radio (WifiMaster1). On 2.4GHz (WifiMaster0) the same client completes the handshake correctly ("set key done in WPA3/WPA3PSK"). 2. Other clients on the 5GHz radio connect normally — the bug is specific to the combination of MT7992 + macOS Tahoe. 3. The same Mac worked stably on this 5GHz network for several months before the macOS Tahoe upgrade. Tested on the router side (no effect): - Disabled Fast Transition (802.11r) - Disabled RRM/BTM (802.11k/v) - Disabled MLO, DL/UL MU-MIMO, DL/UL OFDMA, TWT, Airtime Fairness - Changed standard from 802.11a/n/ac/ax/be to 802.11a/n/ac/ax (without BE) - Changed channel width (160 → 80 → 40 MHz) - Tried different channels (UNII-1 / UNII-3) - Network protection: WPA2-PSK + WPA3-PSK transition, WPA2-only, WPA3-only - Full SSID removal and recreation Tested on the Mac side: - Removed network cache and re-added the network - Disabled Private Wi-Fi Address for this network - Disabled Bluetooth - Disabled iCloud Keychain sync for Wi-Fi The same Mac also has issues on another AP (Huawei AX3, HiSilicon Gigahome chipset) — confirming this is primarily a macOS Tahoe regression, not chipset-specific. However, MT7992 behaves more strictly: the connection cannot be established at all, while Huawei AX3 reconnects with packet loss. If a firmware-side mitigation is possible (e.g., increasing the PTK handshake timeout or making msg 1 retries more lenient), it could help users until Apple ships a fix. Thanks.

Hi everyone, I recently got a Titan 2 and I'd like to configure it to receive an IPv6 address from the Vodafone Italia fiber network. Given that the IPv4 connection works fine, I can't find (either through the web interface or CLI) the 'place' where I need to enter the 'host-uniq' parameter in hexadecimal (HEX), which is required to obtain an IPv6 address from the Vodafone Italia network. Has anyone managed to do this? Do you have a working configuration? Thanks!"

Please add a feature to change device region (consent and region settings). (http://192.168.1.100/rci/show/) I would like to switch from EAEU to EU and use EU cloud services. I prefer EU backend due to privacy and compliance considerations. Is there any official way to change this setting on a device level? For example, via UART access or Keenetic SDK?

Hi, I have a KN-2410 and I keep having problems where I can't see any Wi-Fi settings or clients in the web interface. I have to restart it every time for it to work again. I've attached the logs. I'm using version 5.1 Beta 3, but this error also occurs with other versions. I also have the problem that when my mesh nodes are assigned static IPs, they no longer communicate properly with each other. log.txt

Release 5.1 Beta 3 (preview) Ethernet: resolved an issue in the Ethernet switch that affected the handling of 802.1Q frames with VLAN ID 0 [SYS-1785] Mobile: added support for the newer 6-digit mobile network operator PLMN identifiers [NWI-4838] Web: resolved an issue with the Firewall Rule editor (reported by @spatiumstas) [NWI-4835] Web: resolved the issue with WISP connections to networks that have special characters in their names [NWI-4836]

I solved my IPv6 and DNS problem. The problem: I didn't have IPv6 before, I used Adguard Home on a mini-PC for IPv4, and everything worked. After setting up to receive (dynamic) IPv6 from the provider, I found that the devices that run on IPv6 stopped accessing AdGuard Home. These devices accessed the router's DNS, and the router used some kind of global DNS (possibly the provider's DNS) instead of my Adguard Home. Solution: The devices generate Link-Local (fe80::) addresses for themselves. But the UI does not allow you to specify such an address as an IPv6 DNS address (I suppose there are reasons for this). But the UI allows you to specify a ULA (Unique Local Address (fd**::)) IPv6. Currently, by default, Keenetic does not enable the distribution of ULA addresses to devices. To enable this, run the command (on the <router address>/a or <router address>/ControlPanel/cli page) : OR to assign a random ULA IPv6 prefix: ipv6 local-prefix default OR to assign a specific ULA IPv6 prefix: ipv6 local-prefix fd00:caba::/48 (I found the commands here) Don't forget to save the changes: system configuration save Find the IPv6 address on the device (mini-pc/Raspberry), (for example, using ifconfig) and enter this IP in: My Networks and Wi-Fi → Home segment → DNS IPv6 server 1 After that, devices on the local network will receive IPv6 DNS belonging to the device with AdGuard Home and send DNS requests directly to it.

18/05/2026 Telegram Notifications Restored The technical issue has been resolved. Telegram notifications about sites and nodes changing to Online, Warning, and Offline statuses have been re-enabled and are now operating normally. Thank you for your understanding.

RMM is always in beta, it's slow, RMM is not available as a self-hosted instance on my private cloud. Access to the GUI is done through the Keenetic proxy service external of my infrastrucure. This type of usage is not desired. I will explore others solutions for access GUI.

I use RMM for that. You can connect all the routers via VPN and access them all at once from one location.