admin

Release 5.0 Alpha 5: IP: implemented removal of multiple routes; "no" destination arguments made optional [NDM-3911]: no ip route [{network} {mask} | {host} | default] [{gateway} | {interface}] [metric] no ip policy route [{network} {mask} | {host}] [{interface} | {gateway}] [metric] no ipv6 route [{prefix} | default] ({interface} [{gateway}] | {gateway}) IPv4: fixed "out of memory" error when creating an IP policy (reported by @Ponywka) [NDM-3907] Kernel: removed excessive debug messages from ntc [SYS-1384] mDNS: enabled announcement of the Web interface (HTTP) service in the local network [NDM-3919] OpenConnect: added nc (Juniper) protocol [NDM-3908]: interface {name} openconnect protocol (anyconnect | fortinet | nc) OpenConnect: fixed usage of authgroup with anyconnect protocol [NDM-3918] USB: fixed LTE modem's "terminal options verification failed" error (reported by @k19olegh68) [NDM-3905] Web: added a new Automatic theme that follows system preferences (requested by @dimon27254) [NWI-4242] Web: enabled usage of VLAN 0 for Wired connections [NWI-4315] Web: fixed appearance of table row borders (reported by @dimon27254) [NWI-4299] Web: fixed closing of the registration pop-up for unregistered hosts (reported by @spatiumstas) [NWI-4244] Web: fixed table scrolling on the Application Traffic Analyser page (reported by @dimon27254) [NWI-4283] Web: fixed table display in the Transition Log (reported by @dimon27254) [NWI-4284] Wi-Fi: fixed MAC address change for WifiStation interfaces (reported by @project_fcc) [NDM-3906] Wireguard: implemented obfuscation key for peers (requested by @Oleg Nekrylov) [NDM-3917]: interface {name} wireguard peer obfs-key {obfs-key} ZeroTier: removed repetitive "install accepted route" messages [NDM-3903]

Release 4.3.4 (preview): IPv4: fixed "out of memory" error when creating an IP policy (reported by @Ponywka) [NDM-3907] IPv6: fixed inbound connections to SSH server (reported by @ru.celebi) [NDM-3891] IPv6: fixed inbound connections to VPN servers [NDM-3886] Kernel: removed excessive debug messages from ntc [SYS-1384] Web: added VLAN 802.1p settings to Ethernet Cable Connections (reported by @czerniewski) [NWI-3726] Web: fixed appearance of table row borders (reported by @AndreBA, @dimon27254) [NWI-4250, NWI-4299] Web: fixed color notations on the Traffic Monitor page (reported by @keenet07) [NWI-4243] Web: fixed device name display in WebCLI (reported by @qmxocynjca) [NWI-4240] Web: fixed minor issues with Mesh Wi-Fi system tile (reported by @dimon27254) [NWI-4275] Web: fixed saving of G.INP settings for ADSL [NWI-4270] Web: fixed saving of "TCP/UDP (all ports) and ICMP" forwarding rules [NWI-4253] Web: removed Users configuration description from "IKEv2/IPsec VPN server" page (reported by @project_fcc) [NWI-4245] Wi-Fi: fixed WPS when WPA2-Enterprise is enabled [SYS-1361] Wireguard: fixed AllowIPs validator to allow overlapping networks with a warning message (reported by @Александр Гольдварг) [NDM-3888] ZeroTier: removed repetitive "install accepted route" messages [NDM-3903]

Release 5.0 Alpha 4: Dns: fixed forwarding of negative responses to local clients at 127.0.0.1 (reported by @dchusovitin) [SYS-1382] Web: fixed appearance of table row borders (reported by @AndreBA) [NWI-4250] Web: fixed behavior of the menu items in expanded view (reported by @dimon27254) [NWI-4198] Web: fixed device name display in WebCLI (reported by @qmxocynjca) [NWI-4240] Web: fixed minor issues with Mesh Wi-Fi system tile (reported by @dimon27254) [NWI-4275] Web: fixed saving of "TCP/UDP (all ports) and ICMP" forwarding rules [NWI-4253]

Hi, you can do that. If you're having trouble turning on the Wi-Fi backhaul, please contact tech support in your country. Of course, 867 Mbit will be shared between backhaul and wireless devices on the same radio channel, so you will not get that much.

Release 4.3 Alpha 10.1: IPsec: fixed printing of redundant "vici client" log messages (reported by @Denis P) [NDM-3617] IP: fixed access to my.keenetic.net from the home network (reported by @Denis P) [NDM-3618] MWS: fixed password configuration on acquired Extenders [NDM-3619] NTCE: fixed "system failed [0xcffd0532], unable to write to control file" error (reported by @Denis P) [NDM-3614]

Release 4.3 Alpha 6.2: MWS: fixed Home segment configuration on Extenders (reported by @ru.celebi) [NDM-3578] SFP: added quirks for GPON modules on KN-1012 [SYS-1248]: ODI DFP-34X-2I3 ODI DFP-34X-2IY3

Release 4.3 Alpha 6.1: Core: fixed "interface mac address factory wan" setting (reported by @lighting) [NDM-3574] Wireguard: fixed connection uptime (reported by @spatiumstas) [NDM-3567]

Release 4.3 Alpha 3.1: NTC: fixed crash in the traffic shaper (reported by @dmroot) [SYS-1226]

Thanks for reporting; it's not supposed to be like this, and it can be fixed. The uptime indication is broken here so that a shorter time from the Wi-Fi association table overwrites the network-wide value. It's too late to push any changes to the upcoming release 4.2.1, but the fix itself is trivial and will be released in 4.2.2 or so.

It is an operator's equipment issue. KeeneticOS has a feature that restarts the underlying ethernet port automatically after 5 PADO timeouts in a row. This feature is enabled by default. You are welcome to share your ideas on how to improve it.

Keenetic has necessary firewall rules enabled by default so that you don't need to duplicate them manually, and therefore, it's secure by default. The provider's router does not add any extra isolation, nor does it break any existing Keenetic isolation. The provider's router is simply a part "provider" for Keenetic, which is, by default, an untrusted (public) network. Keenetic permits no incoming connections from the outside. Keenetic segmentation adds security to your network so that if your IoT device is compromised, it will not allow access to other devices on another segment as long as they are isolated. And the ISP router in no way reduces security in this scenario.

Hi, security is enabled by default. It is based on so-called security levels. There are three security levels in KeeneticOS: private (default for Home segments), public (default for WAN connections), protected (default for Guest segment). You can get more information here: https://docs.keenetic.com/eu/carrier/kn-1713/en/22346-configuring-firewall-rules-from-the-command-line-interface.html

You may connect your Keenetic to the RMM service (https://support.keenetic.ru/eaeu/ultra/kn-1811/ru/31407-keenetic-remote-monitoring-and-management.html) and then subscribe to online/offline notifications in Telegram https://support.keenetic.ru/eaeu/ultra/kn-1811/ru/31412-telegram-notifications.html. Another option would be to book a KeenDNS domain name (https://support.keenetic.ru/eaeu/ultra/kn-1811/ru/15881-domain-name.html ) and open access to your device's web interface (https://support.keenetic.ru/eaeu/ultra/kn-1811/ru/18524-changing-the-router-management-port.html). Remember to set a strong password. KeenDNS does not need a public IP address on the device, as it can tunnel your HTTPS traffic through the cloud. Then, you may configure a third-party service such as https://uptimerobot.com/ to check your device's uptime for free. There are also options through the external package system to develop whatever you need using cron and shell scripts.

I'm afraid that no one can help based on the information you gave us. The best option for you is to talk to Keenetic's official tech support, as they can professionally request all details about your error.

This is not implemented for IPv6. Can you tell what address you expect in response to AAAA? IPv4 simply uses addresses from DHCP leases. IPv6, in contrast, has both SLAAC and DHCP (not enabled by default), and the addresses themselves are generated from multiple prefixes, which may be obtained from your ISP (multiple ISPs) and ULA. (Suppose, you want to see ULA addresses since you asked about it.)