Jump to content
  • 0

Keenetic as simple Wi-Fi Access Point (Bridge)


Keenetic as simple Wi-Fi Access Point (Bridge)  

  1. 1. Do you use your Keenetic in the Mode Extender but you do not have a single Keenetic in Mode Router? If yes, specify how many:

    • One
    • Two
    • Three
    • Four
    • More than four


This is a small how-to silence a Keenetic in the mode Extender which can be used as a ‘Wi-Fi Bridge’, sometimes called ‘Wi-Fi Access Point’. This is useful, when you have no Keenetic in the mode Router around and you want a silent Access Point without NAT or Firewall, just doing Wi-Fi. Most of the steps are based on this help article. However, I had to do more:

  1. reset your Keenetic (button, Web, or CLI)
  2. when the Wizard in the Web interface offers the button ‘Exit Wizard’ go for that
  3. go for the command-line interface (for example, via the Web interface) and enter:
  4. interface Home lldp disable
  5. no ntp server
  6. ntp server
  7. ntp sync-period 40320
  8. no service internet-checker
  9. components remove cloudcontrol
  10. components remove sstp-server (on default, was not installed)
  11. components remove webdav
  12. components remove ndns
  13. components remove ip6 (on default, was not installed)
  14. system configuration save
  15. components commit

Keenetic does not learn the NTP server from DHCP. Therefore, I changed it manually to the IP address of my local main router. Double-check your IP address and that yours offers an NTP service. Furthermore, KeeneticOS 3.8 does not support IPv6 in mode Extender, yet. If you want to keep the system component IPv6 for future, then today, you have to go for:

  1. no ipv6 subnet Default
  2. system configuration save

The bad news: Although I do not use any service of Keenetic anymore, I found no way to disable the ‘authentication and licensing service’ yet. So it is not totally silent and still phones home after start and once daily (connecting to all fail-over IPs learned from DNS, perhaps another software bug). The good news, the system components Package Manager (opkg) and Phone Station (nvox) can be used even in mode Extender. Consequently, I am able still to use my Keenetic for telephony like the Keenetic Linear and many more.

  • Confused 1
Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0

Yes, I know. By the way, is there an easy way to look into what is exchanged exactly? Looking at Wireshark and the timings, it looks like failing over because it tries several different IPs in a row (and I blocked none of them, the TLS handshake succeeds and it looks like exchanging data successfully). Might be a bug but cannot say for sure.

  • Thanks 1
Link to comment
Share on other sites

  • 0

OK. Then, I do not understand it.

Exactly, every 24 hours, another, a different IP is connected. I am not so much about that daily phoning home, I am more confused by that several ones after the first start. I see five TLS connections, some to the same, some to different IPs (of ‘ndss.keenetic.ndmsystems.com’). Any chance to look into those connections? I redirected the DNS, but you use HTTPs with Certificate Pinning. The used trust anchor ‘4096-KNT-root-ca.crt’ can be found in the file system, in ‘/usr/share/sign-ca-certificates‘. However, I am not able to simply replace the file content because it is on a read-only partition.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...