Jump to content

Changelog 3.4


Recommended Posts

3.4 is a stable branch based on Linux 4.9, see also changelog 3.3.

Supported models:

  • Giga (KN-1010)
  • Start (KN-1110, KN-1111)
  • 4G (KN-1210, KN-1211)
  • Lite (KN-1310, KN-1311)
  • Omni (KN-1410)
  • City (KN-1510)
  • Air (KN-1610, KN-1611)
  • Extra (KN-1710, KN-1711)
  • Ultra (KN-1810)
  • Viva (KN-1910)
  • Omni DSL (KN-2011)
  • Extra DSL (KN-2111)
  • Speedster (KN-3010)
Link to comment
Share on other sites

Release 3.4 Alpha 1:

  • HTTP: implemented WebDAV support — https://{hostname}/webdav (@MDP requested)
    • ip http webdav enable — enable the service
    • ip http webdav security-level (public | private) — enable/disable access from the internet
    • ip http webdav permissive — ignore filesystem ACL
    • ip http webdav root {directory} — setup root directory
    • user {name} tag webdav — enable WebDAV access for the user
    • show ip http webdav — show the current status
  • SSH: implemented SFTP support (@krass requested)
    • ip ssh sftp enable — enable the service
    • ip ssh sftp permissive — ignore filesystem ACL
    • ip ssh sftp root {directory} — setup root directory
    • user {name} tag sftp — enable SFTP access for the user
    • show ssh sftp — show the current status
  • USB: supported QMI modems:
    • Qualcomm MDM9207 (PID 9025)
    • SIMCom 7100E, 7230E, 7600E
    • Anydata W140
    • Sierra MC7710
    • Quectel EC25-E
    • Megafon E392, E397, E398, EC106, E352, M100-1
    • MTS 320D, EC306
    • Longcheer LU1107
    • ZTE MF821D
  • USB: supported modems:
    • Digma DW1961, DMW1969
    • Tele2 D402
  • MWS: implemented backhaul access point shutdown (@Loredan requested)
    • mws backhaul shutdown
  • DNS: implemented DNS Rebinding protection (@SecretSanta requested)
    • [no] dns-proxy rebind-protect (strict | auto)
  • DNS: implemented NOTIMPL response to IQUERY(1)
  • DLNA: enabled for VPN clients:
    • user {name} tag vpn-dlna
  • DSL: implemented SNR margin offset configuration:
    • interface adsl snr-margin-offset {snr-margin-offset} — adjust ADSL SNR margin offset from -10 to 10 dB
    • interface vdsl snr-margin {snr-margin} — adjust VDSL SNR margin from 4 to 30 dB (default: 8 dB)
  • 802.1x: fixed PEAP/MS-CHAPv2 authentication (@Алексей Подвойский reported)
  • Web: fixed UI lagging vs. huge number of dynamic routes (@Alexander Kudrevatykh reported)
  • SNMP: fixed CVE-2020-6058, CVE-2020-6059, CVE-2020-6060
  • Thanks 1
  • Upvote 1
Link to comment
Share on other sites

  • ndm locked, pinned and featured this topic

Release 3.4 Alpha 4:

  • Wi-Fi: implemented PMF and WPA3-PSK/OWE support on the Wireless ISP client
  • USB: implemented safe detachment of SCSI/SATA media on system reboot, or FN action; added new commands:
    • system eject {name} — unmount partitions and detach a USB media device
    • show media [name] — show information about attached USB media devices
  • SSH: implemented chacha20-poly1305 compatibility and ed25519 key support
  • IPsec: fixed hardware-accelerated operation using 3des-sha256-dh-group-14 in both phases
  • Wireguard: fixed VoIP one-way RTP communication
  • TSMB: fixed resource discovery for Popcorn PCH-C300, and Dune media players
  • fixed uptime calculation in the "show ip hotspot" list (@bigpu reported)

Release 3.4 Alpha 5:

  • HTTP: fixed web-interface logon with no admin password
  • Web: fixed USB storage status (@panda74 reported)
  • Thanks 1
Link to comment
Share on other sites

  • 2 weeks later...

Release 3.4 Alpha 6:

  • added upstream-rate parameter to the commands:
    • interface traffic-shape
    • ip traffic-shape host
    • ip traffic-shape unknown-host
  • Web: added the "eject" button for USB storage devices
  • Web: added WebDAV settings (see the "Private Cloud" application page)
  • DNS: removed from the anti-rebind lists (@r3L4x reported)
  • VDSL: fixed single profile assignment (@WMac reported)
  • PPP: fixed CVE-2020-8597
  • Opkg: added gspca_sonixj kernel module
  • Thanks 1
Link to comment
Share on other sites

Release 3.4 Alpha 7:

  • DLNA: fixed router icon
  • IGMP: fixed multicast_snooping deactivation on Bridge interfaces
  • IPsec: fixed IKE and TS lifetime for L2TP/IPsec and VirtualIP
  • WebDAV: fixed USB storage access (@tld14 reported)
  • improved internet checking algorithm (@Space Alex reported)
  • reduced "Wireguard handshake" logging (@r13 reported)
  • fixed "lock precedence violation: IPV6_SUBNETS" (@r13 reported)
  • fixed "ip nat" netmask parsing (@KorDen reported)
  • Web: fixed Wireguard key validation
  • Thanks 1
Link to comment
Share on other sites

Release 3.4 Alpha 9:

  • implemented ping-check interface restart:
    • interface {name} ping-check restart [interface] — enable {interface} restart (optional argument defaults to {name})
    • ping-check {name} restart-interface — obsoleted
  • Wi-Fi: fixed the 20/40/80 MHz bandwidth setting for mt7615
  • Wireguard: reduced the default MTU size to 1324 bytes
  • OpenVPN: removed redundant hosts from the device list (@unuixsoid reported)
  • Web: fixed DSL connection priority setting (@TheBB reported)
Link to comment
Share on other sites

 Release 3.4 Alpha 10:

  • implemented host traffic filtering (ip hotspot host deny) based on MAC address, against IP address detection lag
  • TSMB: fixed issue with not listing files and directories (@psm68 reported)
  • TSMB: fixed printing issue ("invalid printer name" in response to "OpenPrinterEx")
Link to comment
Share on other sites

Release 3.4 Alpha 11:

  • Wi-Fi: implemented Kr00k protection (CVE-2019-15126)
  • L2TP: fixed control connection shutdown
  • L2TP: fixed source port change on reconnection
  • VPN: fixed communication between clients of different VPN services
  • IPsec: fixed tunnel traffic accounting
  • IPsec: fixed IP alias support (@KorDen reported)
  • IPsec: fixed scheduled tunnel connection (@keshun reported)
  • Web: fixed directory access control configuration (@Joe D reported)
  • Web: fixed Release notes reference (@r13 reported)
  • Web: fixed unregistered traffic monitoring in a separate tab (@bigpu reported)
  • OpenSSL: updated to 1.1.1e
Link to comment
Share on other sites

Released 3.4 Alpha 12:

  • improved internet checking algorithm:
    • reduced the number of simultaneous connections
    • enabled sequential polling of test servers
    • enabled dynamic polling interval
  • fixed "SSL_read() failed" error on extenders (@AndreBA reported)
Link to comment
Share on other sites

Release 3.4 Alpha 13:

  • Wi-Fi: fixed Class-2 error handling for backhaul connections
  • TSMB: added Change Notification support (@WMac reported)
  • Web: fixed configuration saving for ICMP-based ping-check interfaces
  • OpenSSL: updated to 1.1.1f
Link to comment
Share on other sites

  • 2 weeks later...

Release 3.4 Beta 0 (pre-beta):

  • Wi-Fi: added IEEE 802.11h DFS support for Mesh Wi-Fi System to prevent interference with satellites and radars using the same 5 GHz frequency band. In the case of radar signal detection, the router, acting as Wi-Fi System Controller, will coordinate the switch to another Wi-Fi channel for all extenders included in the Wi-Fi System.
  • Printer: imlepemented status polling turn-off:
    • printer {name} no status-polling
  • Web: added an upstream rate configuration for registered hosts
  • Web: added multiple toggle switches to the "Private cloud" tile
Link to comment
Share on other sites

Release 3.4 Beta 1 (official beta):

  • WebDAV: enabled directory listing in a web browser
  • AdGuard: restored service availability checking
  • DSL: fixed SNR margin offset configuration
Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...

Release 3.4.1 (stable):

  • DNS: disabled rebind protection for (@Andrew Voronkov reported)
  • DNS: disabled rebind protection for the plex.direct domain
  • Web: added signal level and 4G/3G network indication for USB modems
  • Web: added physical port number indication for wired connections
  • Web: added gateway and DNS server information to the extender's dashboard
  • Web: fixed schedule configuration for handheld browsers
  • Web: fixed private cloud access control settings
Link to comment
Share on other sites

  • ndm unfeatured this topic

Release 3.4.2 (official beta):

  • Wi-Fi: implemented WPA3-PSK Fast Transition (FT-SAE)
  • Wi-Fi: implemented a separate PMK cache for FT and WPA3
  • Wi-Fi: fixed GTK rekey for FT transitioned clients (for mt7615/mt7613 chipsets)
  • Wi-Fi: fixed Fast Transition PMK-R1 key storage overflow
  • SSTP: improved compatibility with AnyVPN SSTP Connector
  • USB: fixed storage mounting failures
  • USB: added Quectel EP06 (QMI) modem support
Link to comment
Share on other sites

Release 3.4.4 (official beta):

  • fixed dependency calculation of bridged interfaces (@Кинетиковод reported)
  • USB: increased descriptor read tolerance for storage devices
  • USB: fixed "3G/4G QMI" compatibility with E392 modems
  • Wi-Fi: fixed WPS operation for WPA2+WPA3 PSK security
  • Web: fixed drag-drop function in "Connection priorities" (@AndyFM reported)
  • Web: fixed host selection in the "Traffic monitor" (@r777ay reported)
  • Web: fixed port configuration blocking on extenders (@enterfaza reported)
  • Web: fixed selected timezone option style (@enterfaza reported)
  • Web: fixed "undefined" in the Wi-Fi system extender status (@AlexUnder2010 reported)
  • Web: fixed host schedule retention after denying access to the internet
  • Web: fixed traffic-shape settings for unregistered devices
  • Web: fixed DHCP pool calculation for newly created segments
  • Web: fixed NAT configuration saving for segments
  • Web: added remote access configuration for extenders
Link to comment
Share on other sites

  • 1 month later...

Release 3.4.10 (official beta):

  • MWS: enabled 2.4 GHz backhaul for all extenders in a single-band controller network
  • USB: added Sierra EM7455 modem support
  • Web: disabled automatic Wi-Fi blacklisting of newly registered devices
  • Web: limiting the number of selected language packages

Attention: deployed the new firmware signing certificate to the cloud infrastructure. Previously saved firmware files can be uploaded using the TFTP recovery only.


Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...