Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

Introduction

External design and hardware

Firmware update

Web-interface

Command line

Testing

Summary

Introduction

It’s been more than two years since we tested Zyxel Keenetic Ultra II and Giga III wireless routers. Yes, time spins away. Today in our laboratory we have Keenetic Giga KN-1010 wireless router. Let’s review which new capabilities were added and how the performance of wireless routers has changed after Keenetic department became a separate company.

External design and hardware

Keenetic Giga KN-1010 wireless router comes in gray and white plastic case with the dimensions 214x154x33 mm (not considering external antennae). The device weighs 488 g. To operate properly KN-1010 needs an external power adapter (included to the box) with the following characteristics: 12V and 2,5 A.

There are a 3D vendor name, LEDs indicating state of the whole device and its wired and wireless interfaces on the front panel. In addition, button for managing wireless network is located here.

Keenetic KN-1010 wireless router has four external turning non-detachable antennae placed on the rare panel of the case and its sides.

The remarkable part of the sides is covered with the ventilation grate. Except for it, two USB ports (one USB 2.0 and one USB 3.0) are placed on one side and two additional configuring buttons for managing additional device parameters are located here, too.

Except for two antennae, five Gigabit Ethernet ports (one WAN and four LAN) with LEDs indicating their state, slot for power connection and sunken Reset button are placed on the rare panel. It’s worth noting that WAN-interface of the testing wireless router is a combo one: the user can connect to the Internet both with the help of twisted pair and optical fibers by using special transivers.

The bottom panel is rather traditional: the ventilation grate, four big rubber legs, two technological holes for mounting the router to the wall and sticker with brief information about the device are located here.

Now let’s take a look at the insides of KN-1010 case.

The hardware of Keenetic KN-1010 wireless router consists of the only green textolite plate which main elements are placed on its both sides. MediaTek MT7621AT dual-core processor working on 880 MHz and MT7615D wireless module of the same vendor are covered with protecting screens are not available for review, whereas DDR Nanya NT5CC128M16IP-DI RAM chip of 256 Mbytes is available.

On the bottom side of the plate Spansion S34ML01G200TFI000 flash-memory module of 128 Mbytes and Realtek RTL8211FS switch chip with five Gigabit Ethernet ports are placed. The given switch is responsible for working with WAN-port (select of SFP or RJ-45), whereas switching of data transmitting via LAN-ports is performed by gigabit switch built into the processor.

That’s where we complete Keenetic KN-1010 wireless router hardware review and go to reviewing its firmware capabilities.

Firmware update

Firmware update can be carried out in General settings menu item, Administration group of the web-interface. The users can prefer automatic or semi-automatic firmware update mode. One should be connected to the Internet to update firmware using any of this ways.

The whole firmware update process takes about 1,5 minutes and doesn’t require any special knowledge from the user.

Ability of manual Keenetic Giga firmware update is also available to the users, to use it one should click Replace the file button in firmware section of System files group of General settings menu item and select file with the new firmware version.

Firmware used for Keenetic wireless routers has module structure that allows the administrator to install only components that are really needed. One can select components for installation on General Settings page. Amount of available components is really surprising.

By default, only two firmware lines are available to the administrator: stable (release) and more dynamically developing beta-version. However, in addition, firmware of other lines can be available to the administrator. One can perform update to developing firmware versions either with the help of a special firmware file which can be retrieved from vendor technical support or by downloading it from the forum or by entering two hidden commands: components list draft and components commit (Internet connection is necessary).

One can turn on/off automatic firmware update and change list of installed components using command line interface.

(config)> components
 list - show an available component list
 install - install or remove a component
 remove - remove the component from this system
 preset - select a predefined set of components
 preview - show firmware info
 commit - apply selected component set
 validity-period - set a validity period of a local component list
 auto-update - manage firmware components auto-update settings
(config)> components install opkg
Components::Manager: Component "opkg" is queued for installation.
(config)> com
 components - manage firmware components
 (config)> components comm
 commit - apply selected component set
 (config)> components commit
Components::Manager: Update task started.

If necessary, the administrator can update device firmware using files located on the external USB drive. We copied file with new firmware version to our small flash-card and connected it to the router. After flash-card connection a new drive from which we are going to perform copying of firmware was detected by the system.

(config)> ls
 Usage template:
 ls [{directory}]
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 (config)> ls 9A8ABCA98ABC8375:/
 rel: 9A8ABCA98ABC8375:/
 entry, type = R:
 name: firmware
 size: 13893692
 (config)> copy
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 ndm:/
 flash:/
 temp:/
 proc:/
 sys:/
 storage:/
 usb:/
 9A8ABCA98ABC8375:/
 STORAGE:/
 log
 running-config
 startup-config
 default-config
 (config)> copy 9A8ABCA98ABC8375:/f
 Usage template:
 copy {source} ({destination} | {destination})
(config)> copy 9A8ABCA98ABC8375:/firmware
 Usage template:
 copy {source} ({destination} | {destination})
 Choose:
 9A8ABCA98ABC8375:/firmware ndm:/
 9A8ABCA98ABC8375:/firmware flash:/
 9A8ABCA98ABC8375:/firmware temp:/
 9A8ABCA98ABC8375:/firmware proc:/
 9A8ABCA98ABC8375:/firmware sys:/
 9A8ABCA98ABC8375:/firmware storage:/
 9A8ABCA98ABC8375:/firmware usb:/
 9A8ABCA98ABC8375:/firmware 9A8ABCA98ABC8375:/
 9A8ABCA98ABC8375:/firmware STORAGE:/
 9A8ABCA98ABC8375:/firmware log
 9A8ABCA98ABC8375:/firmware running-config
 9A8ABCA98ABC8375:/firmware startup-config
 9A8ABCA98ABC8375:/firmware default-config
 (config)> copy 9A8ABCA98ABC8375:/firmware flash:/firmware
FileSystem::Repository: Firmware update started.

One can check success of firmware update process using show version command.

(config)> show version
 release: 2.11.C.1.0-3
 arch: mips
 ndm:
 exact: 0-fbd6e4f
 cdate: 11 Apr 2018
 bsp:
 exact: 0-e2dc116
 cdate: 11 Apr 2018
 ndw:
 version: 4.2.3.114
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image,nopack,
 flexible_menu,emulate_firmware_progress
 components: angular-ndw,ddns,dot1x,fat,hfsplus,interface-
 extras,kabinet,miniupnpd,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,ntfs,ppe,
 trafficcontrol,usblte,usbserial,cloud,cifs,base,
 cloudcontrol,components,config-ap,config-client,config-
 repeater,corewireless,dhcpd,dlna,easyconfig,ftp,igmp,
 l2tp,madwimax,pingcheck,ppp,pppoe,pptp,skydns,storage,
 transmission,usb,usbdsl,opkg,usbmodem,usbnet,ydns,
 printers,theme-Keenetic,base-theme,sysmode,base-l10n,
 easyconfig-3.2,modems,ispdb,base-Intl
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center

That’s where we proceed to completion of description of different ways for Keenetic wireless routers firmware update and go directly to exploring its web-interface capabilities.

Web-interface

One can get access the router web-interface using any modern browser. In addition, managing the device can be performed with the help of mobile apps available for the systems based on Android and iOS. The web-interface of KN-1010 model is available in three languages: Russian, English, and Ukrainian.

The vendor decided to display a prompt message about the way of password reset (and, certainly, all user settings as well) directly on control panel login form.

Upon successful authentication the user is navigated to the router web-interface start page where the information about the use of Internet channel and wired interfaces statuses, connected devices, wired and wireless clients is presented. Except for it, with the help of this page the administrator can control running apps, among which are various VPN servers and file access protocols, torrent clients and proxies for IPTV watching. The brief information about the system is also presented on the start page.

It’s worth noting that in the given review we will describe the new web-interface that just recently became available on Keenetic wireless routers. During some time traditional version of the web-interface will be also available to the users, to navigate to it one should use «Go back to the previous design» link. However, we didn’t find a way to go back to the new web-interface version so to do this one should reconnect to the device.

With the help of Wired menu item of Internet group the administrator can perform setting of wired network operator connection parameters and select main connection in case Keenetic Giga has connections to different Internet providers simultaneously. Among available ways of connection there are all standard and widely used ones: static and dynamic IP addresses (it is IPoE term so adorable by marketers) and PPPoE/L2TP/PPTP tunnels. We cannot help but mention the support of authentication using IEEE 802.1X.

Have you obtained Keenetic Giga wireless router with wired Gigabit Ethernet ports, however for Internet access connection via ADSL/VDSL is needed or only wireless operators are available in the given area? - It’s not a big deal! One can connect wired xDSL modem or wireless modem with the support of 3G/4G networks to USB ports of the testing model. Corresponding settings are provided in 3G/4G modem and ADSL/VDSL modem menu items of the same group.

Except for the option of connection to mobile operators wireless networks Keenetic Giga provides the users with the ability of connection to wireless networks of Wi-Fi providers, the corresponding setting is available in Wireless ISP menu item.

In Internet group the only item is left for our review: Other connections. Here the administrator can configure parameters of VPN connections working in which KN-1010 router plays role of a client or peer. The following types of tunnels are supported: PPPoE, PPTP, L2TP, L2TP/IPsec, OpenVPN and 6in4. Connections via IPsec are performed in site-to-site mode. SSTP support will be available in the firmware versions since 2.12.

Device list menu item of My networks and Wi-Fi group allows the administrator to view the list of currently connected devices and parameters of their connection. A pleasant peculiarity is an ability to block Internet access for unregistered devices or set speed limit for them. To be reasonable, it’s worth noting that speed limit can be set for registered devices as well, in addition to it, the administrator can configure schedule in accordance to which Internet access will be provided to this or that client.

Now let’s have a look at Home network menu item of the same group. With the help of this item the administrator can not only set SSID for each Wi-Fi frequency range and main parameters of their work (including schedule) but also set IP address for LAN interface, configure DHCP server parameters, perform configuration of virtual networks and activate IGMP Proxy option that provides access to IPTV service of the local network operator. We cannot help but mention the support of Band Steering option with the help of which the router can dynamically distribute wireless clients, which support operating in both frequency ranges, between wireless networks.

One can prohibit access to the wireless router web-interface or limit Internet access speed for clients connecting to guest wireless network. If it is necessary to organise public Internet access with user authorization, one can user Captive portal option. It’s also worth noting that Captive portal function supports remarkable amount of third-party services for user authorization, however if due to some reason there is no needed provider in the list, one can configure parameters of connection to it manually. We also consider interesting an ability to connect to guest network not only wireless clients but also wired devices connected with particular LAN ports of the router. So, for example, one can create selected segment for friends of his/her child or for IoT (Internet of Things). All listed configurations are presented in Guest segment menu item.

Each parent would like to protect his/her child from inappropriate content and protect his/her devices from viruses and network attacks. Internet safety menu item of Network rules group can help with it. Filtration is performed with the use of third-party DNS servers that perform rating of Internet resources.

To use an ability of manual creation of filtration rules, one should go to Firewall menu item of the same group.

In the local network behind Keenetic Giga wireless router a service to which one should provide access from the Internet can be placed. In this case the administrator should go to Forwarding menu item with the help of which configuration of forwarding rules for incoming packets for TCP and UDP ports is performed.

One can manage static routes using Routing item of the same menu group.

Often operators provide users with dynamic IP addresses that make more difficult sharing resources located in the local network behind the router. DDNS service that allows dynamic updating binding of domain name and IP address can help in this case. Corresponding setting is available in Domain name menu item. It’s worth noting that except for widely known operators providing dynamic DNS service, KeenDNS service with a bit wider functionality is supported. So, for example, with the help of this service the users can have an ability of remote managing the router via HTTPS even if the device is located behind NAT/PAT provider. Except for managing, remote setting of SSTP tunnel (at the moment when this review was being written the given option was available in beta firmware versions) for connection to the devices of the home network is available. Some users can prefer ability to connect to different devices of home network using fourth level domains.

Choice of options necessary to the user can be performed with the help of User-defined options menu item of Management group. Here one can turn on/off torrent client and file services, VPN services and UDP proxy. In addition, setting of the services is performed with the help of this page.

One can manage users and their access rules with the help of Users item of the same menu group.

The number of options available for update to the administrator in System settings item is really significant. So, for example, here one can select operation mode of the device and parameters of system updates (including ability of changing set of installed components), view and replace system files, activate support of cloud service, manage working of buttons placed on the router case, configure speeds of network interfaces and USB ports.

With the help of Diagnostics menu item of Management group the administrator can perform checking of particular network hosts availability, view router system log, view the list of active connections, enable the debug mode, and perform packet capture.

Installation of additional extension packages is performed with the help of OPKG item of the same menu group.

In case of Zyxel Keenetic Plus DECT availability DECT base station managing its operation parameters is performed with the help of menu items of Telephony group.

That’s where we could complete the web-interface review, but…

There are several firmware versions for Keenetic wireless routers, the most famous among them are the following: stable (release), preliminary (beta) and debugging. It’s also worth noting that technical support of the vendor provides consultancy only for release and beta versions, we also don’t recommend installing debugging versions without really need. All new functions become available firstly in the debugging firmware versions and are available to enthusiasts for testing. Obviously, we decided to perform update to the latest available debugging and beta versions and check which changes will be available to the users in the short term.

New firmware versions will add new item Connection priorities to Internet group of the web-interface menu. With the help of Internet connection policies tab the administrator can create access profiles managing the order of using connections to providers.

More interesting, from our point of view, is Policy bindings that is the second tab of the same menu item. Using it one can perform binding of particular registered devices to access profiles that allows different wired and wireless clients to use different Internet connections. That’s the first step to realization of PBR - Policy Based Routing function.

User defined options item of Management group is extended with additional option SSTP VPN server.

A pleasant peculiarity of VPN server SSTP is an ability of users connection to it even in case of absence of globally routed (white/valid/real) IPv4 address. Connection is performed via the cloud supported by the vendor. The connection via the cloud can also be used for remote managing the device in case of real address absence.

It’s also worth noting that Keenetic Giga can play role of a client for connection via SSTP, corresponding setting is available in Other connections item of Internet menu.

When this review was being prepared for publication, Keenetic representatives notified us that firmware of 2.12 version is moved from debugging to beta version without any additional manipulations. But the most important point here is that official support is provided for beta versions so users can apply to the vendor technical support in case of any difficulties on using any of described new functions.

Now let’s turn to reviewing the command line capabilities of the device.

Command line

We will not review all capabilities of Keentetic wireless routers command line but describe the most interesting of them. To be reasonable, it’s worth noting that command line has more consistent functionality comparing with the web-interface. Okay, let’s start.

Command line of Keenetic Giga KN-1010 is provided as command interpreter and the users don’t have access to shell. The interface under review is similar to CLI of Cisco Systems devices, however it has many differences. To access the command line one should enter login and password which are the same as for web-interface authentication.

Login: admin
Password: **********
(config)>
 system - maintenance functions
 ntp - configure NTP
 schedule - schedule configuration
 known - manage lists of known network objects
 access-list - configure network access lists
 isolate-private - configure if traffic may pass between "private" interfaces
 user - configure user account
 dyndns - configure DynDns profiles
 ndns - configure NDNS
 yandexdns - configure Yandex.DNS profiles
 skydns - configure SkyDns profiles
 nortondns - configure Norton ConnectSafe DNS profiles
 adguard-dns - configure AdGuard DNS profiles
 ping-check - configure ping-check profiles
 interface - network interface configuration
 ip - configure IP parameters
 pppoe - configure PPPoE parameters
 ipv6 - configure IPv6 parameters
 kabinet - configure kabinet authenticator
 ppe - Packet Processing Engine configuration
 upnp - configure UPnP parameters
 torrent - configure torrent service parameters
 udpxy - configure udpxy
 crypto - configure IPsec
 igmp-proxy - configure IGMP
 dect - configure DECT parameters
 snmp - configure SNMP service
 sstp-server - configure SSTP VPN server
 vpn-server - configure PPTP VPN server
 service - manage services
 cifs - manage CIFS service
 dlna - manage DLNA service
 dns-proxy - manage DNS proxy service
 afp - manage AFP server service
 whoami - display info about the current management session
 printer - printer configuration
 more - view text file
 ls - list directory contents
 copy - copy files
 erase - erase file or empty directory
 access - set user access for directory
 monitor - manage monitor services
 show - display various diagnostic information
 tools - tools for testing the environment
 opkg - Open Package configuration
 ntce - NTCE settings
 easyconfig - configure Easyconfig services
 bwmeter - bandwidth meter
 components - manage firmware components
 cloud - manage cloud services

Several configuration modes are supported for such devices. For example, to update parameters of a particular interface one should go to a corresponding mode.

(config)> int
 interface - network interface configuration
(config)> interface
 Usage template:
 interface {name}
 Choose:
 Pvc
 Vlan
 CdcEthernet
 WiMax
 UsbModem
 RealtekEthernet
 AsixEthernet
 Davicom
 UsbLte
 Yota
 Bridge
 PPPoE
 SSTP
 PPTP
 L2TP
 OpenVPN
 IPIP
 TunnelSixInFour
 Gre
 EoIP
 TunnelSixToFour
 Chilli
 GigabitEthernet0
 GigabitEthernet0/0
 1
 GigabitEthernet0/1
 2
 GigabitEthernet0/2
 3
 GigabitEthernet0/3
 4
 GigabitEthernet0/Vlan1
 GigabitEthernet0/Vlan3
 GigabitEthernet1
 ISP
 GigabitEthernet1/0
 0
 WifiMaster0
 WifiMaster0/AccessPoint0
 AccessPoint
 WifiMaster0/AccessPoint1
 GuestWiFi
 WifiMaster0/AccessPoint2
 WifiMaster0/AccessPoint3
 WifiMaster0/WifiStation0
 WifiMaster1
 WifiMaster1/AccessPoint0
 AccessPoint_5G
 WifiMaster1/AccessPoint1
 WifiMaster1/AccessPoint2
 WifiMaster1/AccessPoint3
 WifiMaster1/WifiStation0
 UsbDsl0
 Bridge0
 Home
 Bridge1
 Guest

For wireless interfaces the user can manage transmission power, wireless channel and modes of compatibility. Also the administrator can specify country code where the given device is used. For all interfaces including wireless ones the administrator can restrict maximum user data transmission speed using traffic-shape command.

(config)> interface WifiMaster0
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 debug - enable connection debugging
 rf - change RF settings
 ip - configure IP parameters
 ipv6 - configure IPv6 parameters
 country-code - set country code
 compatibility - set 802.11 compatibility (use parameters like BG or ABGN)
 channel - set radio channel
 power - set transmission power level
 preamble-short - enable short preambles
 tx-burst - enable Tx Burst
 rekey-interval - change WPA/WPA2 rekey interval
 band-steering - enable band-steering
 vht - enable VHT (QAM256)
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> tra
 traffic-shape - set traffic rate limit
(config-if)> traffic-shape
 Usage template:
 traffic-shape rate {rate} [schedule {schedule-name}]
(config-if)> rol
 role - interface role configuration
(config-if)> role
 Usage template:
 role {role} [for {ifor}]
 Choose:
 inet
 iptv
 voip
 misc
(config-if)> coun
 country-code - set country code
 (config-if)> chan
 channel - set radio channel
(config-if)> channel
 Usage template:
 channel {channel} | width ... | auto-rescan ...
 width - set radio channel width
 auto-rescan - set radio channel auto-rescan schedule
(config-if)> powe
 power - set transmission power level
(config-if)> power
 Usage template:
 power {power}
(config-if)> exi
Command::Base error[7405600]: no such command: exi.
(config-if)> exit
Core::Configurator: Done.
(config)> inter
 interface - network interface configuration
(config)> interface Acc
 Usage template:
 interface {name}
 Choose:
 AccessPoint
 AccessPoint_5G
(config)> interface AccessPoint
Core::Configurator: Done.
(config-if)>
 rename - change interface name
 description - set interface description
 role - interface role configuration
 traffic-shape - set traffic rate limit
 dyndns - DynDns updates
 tx-queue - set TX queue length
 mac - configure MAC parameters
 peer-isolation - enable peer isolation
 security-level - assign security level
 debug - enable connection debugging
 wps - enable WPS functionality
 authentication - configure authentication
 encryption - configure encryption parameters
 ip - configure IP parameters
 igmp - configure IGMP parameters
 ipv6 - configure IPv6 parameters
 ping-check - ping-check configuration
 ssid - set wireless ESSID
 hide-ssid - disable SSID broadcasting on the access point
 wmm - enable Wireless Multimedia Extensions on this interface
 pmf - enable Protected Management Frames on this interface
 ipsec - configure IPsec parameters
 led - configure interface LED binding
 lldp - configure LLDP parameters
 up - enable interface
 down - disable interface
 bandwidth-limit - interface bandwidth limit
 schedule - interface up/down schedule
(config-if)> en
 encryption - configure encryption parameters
(config-if)> encryption
 key - set wireless encryption key
 enable - enable wireless encryption (WEP by default)
 disable - disable wireless encryption
 wpa - enable WPA version 1 (TKIP) encryption
 wpa2 - enable WPA version 2 (AES) encryption
(config-if)> encryption

One can manage access lists for IPv4 traffic with the help of access-list command.

(config)> acce
 access-list - configure network access lists
 access - set user access for directory
(config)> access-
 access-list - configure network access lists
(config)> access-list
 Usage template:
 access-list {acl}
(config)> access-list test
Network::Acl: "test" access list created.
(config-acl)>
 deny - add prohibitive rule
 permit - add permissive rule
 rule - set rule operation time
(config-acl)> perm
 permit - add permissive rule
(config-acl)> permit
 Usage template:
 permit ((tcp | udp) {source} {source-mask} [port (((lt | gt |
 eq) {source-port}) | (range {source-port} {source-end-port}))]
 {destination} {destination-mask} [port (((lt | gt | eq)
 {destination-port}) | (range {destination-port} {destination-
 end-port}))]) | ((icmp | esp | gre | ipip | ip) {source}
 {source-mask} {destination} {destination-mask})
 Choose:
 tcp
 udp
 icmp
 esp
 gre
 ipip
 ip

Using access-group interface command one can set access list for a particular interface.

(config-if)> ip acc
 access-group - bind access-control rules
(config-if)> ip access-group
 Usage template:
 access-group {acl} {direction}
 Choose:
 _WEBADMIN_WifiMaster0/WifiStation0
 test

Unfortunately, at the moment there is no ability for access rules configuration for IPv6 traffic. However, several improvements became available since our previous review. So, for example, one can restrict list of ports via which this or that local network host is available. As we were assured by vendor representatives more exact configuration of firewall rules is planned but without exact due dates.

(config)> ipv6 st
 static - add one-to-one address translation rule
(config)> ipv6 static
 Usage template:
 static tcp | udp [{interface}] {mac} {port} [through {end-port}]

Certainly, firewall for IPv6 can be totally turned off, however we consider this procedure unsafety.

(config)> ipv6
 subnet - subnet configuration
 local-prefix - configure local prefix
 name-server - add name server IPv6 address
 route - configure a static route
 firewall - enable firewall
 pass - configure IPv6 pass-through mode
 static - add one-to-one address translation rule
(config)> ipv6 fi
 firewall - enable firewall

Also with the help of command line one can set static IPv6 addresses to the device interfaces whereas this cannot be performed using web-interface.

system
 set net.ipv6.conf.all.forwarding 1
interface GigabitEthernet1
 ipv6 address 2001:db8:1::1
 ipv6 prefix 2001:db8:1::/64
interface Bridge0
 ipv6 address 2001:db8:2::1
ipv6 route 2001:db8:1::/64 ISP
ipv6 route default 2001:db8:1::2

One can view content of a particular catalogue with the help of ls command, whereas more command displays content of a particular file (we intentionally cut output of this command in our listing).

(config)> ls
 rel:
 entry, type = V:
 name: ndm:
 subsystem: local
 entry, type = V:
 name: flash:
 subsystem: local
 entry, type = V:
 name: temp:
 subsystem: local
 entry, type = V:
 name: proc:
 subsystem: local
 entry, type = V:
 name: sys:
 subsystem: local
 entry, type = A:
 name: log
 subsystem: local
 entry, type = A:
 name: running-config
 subsystem: local
 entry, type = A:
 name: startup-config
 subsystem: local
 entry, type = A:
 name: default-config
 subsystem: local
 entry, type = V:
 name: storage:
 subsystem: local
 entry, type = V:
 name: usb:
 subsystem: local
 entry, type = V:
 name: dect:
 subsystem: local
 (config)> more flash:/default-config
! $$$ Model: Keenetic Giga
! $$$ Version: 2.0
! $$$ Agent: default
system
 set net.ipv4.ip_forward 1
 set net.ipv4.tcp_fin_timeout 30
 set net.ipv4.tcp_keepalive_time 120
 set net.ipv4.neigh.default.gc_thresh1 256
 set net.ipv4.neigh.default.gc_thresh2 1024
 set net.ipv4.neigh.default.gc_thresh3 2048
 set net.ipv6.neigh.default.gc_thresh1 256
 set net.ipv6.neigh.default.gc_thresh2 1024
 set net.ipv6.neigh.default.gc_thresh3 2048
 set net.netfilter.nf_conntrack_tcp_timeout_established 1200
 set net.netfilter.nf_conntrack_max 16384
 set vm.swappiness 60
 set vm.overcommit_memory 0
 set vm.vfs_cache_pressure 1000
 set dev.usb.force_usb2 0
 hostname Keenetic_Giga
 domainname WORKGROUP

One should use service command to manage different auxiliary services.

(config)> ser
 service - manage services
(config)> service
 dhcp - start DHCP service
 dns-proxy - enable DNS proxy
 igmp-proxy - enable IGMP proxy
 dhcp-relay - start DHCP relay service
 http - HTTP service
 afp - enable AFP server
 ftp - enable FTP server
 cifs - enable CIFS server
 dlna - enable DLNA server
 telnet - start telnet service
 ssh - start SSH service
 ntp-client - start NTP client
 upnp - start UPnP service
 torrent - start torrent service
 udpxy - enable udpxy
 kabinet - start Kabinet authenticator
 vpn-server - enable PPTP VPN server
 dect - enable DECT server
 ipsec - enable IPsec
 sstp-server - enable SSTP VPN server
 ntce - enable NTCE
 snmp - SNMP service
 cloud-control - enable cloud control service

Change of system operating parameters is performed with the help of system command.

(config)> sys
 system - maintenance functions
(config)> system
 reboot - restart the system
 set - adjust system settings
 led - setup system LED controls
 button - setup system button functions
 clock - change system clock settings
 domainname - set the domain name
 hostname - set the host name
 configuration - manage system configuration
 log - manage system logging
 mount - mount USB disk partition
 drivers - manage kernel drivers
 swap - set swap area
 zram - set zram swap settings
 debug - enable system debug
 mode - select system operating mode

Command group show is intended for viewing configuration and current working parameters of the device. So, for example, show version command displays information about current firmware version.

(config)> show
 version - display firmware version
 signature - display firmware signature state
 system - display system status information
 drivers - view list of loaded kernel drivers
 threads - view list of active threads
 processes - view list of running processes
 configurator - display configurator information
 interface - display interface status
 ssh - show SSH server status
 dot1x - 802.1x supplicant status
 skydns - display SkyDns parameters
 log - display system log
 running-config - view running configuration
 ip - display IP information
 ppe - show "binded" PPE entries
 upnp - display UPnP rules
 ipsec - display internal IPsec status
 dect - show DECT status
 afp - display AFP server status
 acme - display ACME client status
 cifs - display cifs server status
 dlna - display DLNA server status
 torrent - display torrent service information
 vpn-server - show PPTP VPN server status
 cloud - display status of the cloud service
 sstp-server - show SSTP VPN server status
 ndns - show NDNS status
 easyconfig - display EasyConfig information
 internet - display Internet check status
 dyndns - show DynDns profile status
 ping-check - show ping-check profile status
 site-survey - display available wireless networks
 associations - shows a list of associated wireless stations
 led - display system LED information
 button - display system button information
 clock - display system clock information
 ntp - display NTP parameters
 schedule - display system environment
 crypto - display IPsec information
 chilli - show chilli info
 usb - display USB device list
 printers - display attached printer list
 tags - show available authentication tags
 access - display directory acl
 kabinet - display Kabinet authenticator parameters
 monitor - show monitor status
 ipv6 - display IPv6 information
 ntce - show NTCE settings and status
 yandexdns - display YandexDns parameters
 nortondns - display Norton ConnectSafe DNS parameters
 adguard-dns - display AdGuard DNS parameters
(config)> show ver
 version - display firmware version
(config)> show version
 release: 2.12.A.6.0-2
 arch: mips
 ndm:
 exact: 0-4a1e5ca
 cdate: 19 May 2018
 bsp:
 exact: 0-2ca6889
 cdate: 19 May 2018
 ndw:
 version: 0.4.26
 features: wifi_button,wifi5ghz,usb_3,usb_3_first,
 led_control,vht2ghz,mimo5ghz,dual_image
 components: acl,adguard-dns,afp,base,chilli,cifs,
 cloudcontrol,config-ap,config-client,config-repeater,
 corewireless,ddns,dhcpd,dlna,dot1x,dpi,easyconfig,eoip,
 fat,ftp,gre,hfsplus,igmp,ip6,ipip,ipsec,kabinet,l2tp,
 madwimax,miniupnpd,monitor,nathelper-ftp,nathelper-h323,
 nathelper-pptp,nathelper-rtsp,nathelper-sip,netflow,
 nortondns,ntfs,nvox,openvpn,opkg,opkg-kmod-audio,opkg-
 kmod-dvb-tuner,opkg-kmod-fs,opkg-kmod-netfilter,opkg-
 kmod-netfilter-addons,opkg-kmod-tc,opkg-kmod-usbip,opkg-
 kmod-video,pingcheck,ppe,pppoe,pptp,skydns,snmp,ssh,sstp,
 sstp-server,storage,trafficcontrol,transmission,udpxy,
 usb,usbdsl,usblte,usbmodem,usbnet,usbserial,vpnserver,
 vpnserver-l2tp,ydns
 manufacturer: Keenetic Ltd.
 vendor: Keenetic
 series: KN
 model: Giga (KN-1010)
 hw_version: 10108000
 hw_id: KN-1010
 device: Giga
 class: Internet Center
(config)> show sys
 system - display system status information

To simplify working with commands of show group the administrator can go to a special view mode.

(config)> show
Core::Configurator: Done.
(show)> system
 hostname: Keenetic_Giga
 domainname: WORKGROUP
 cpuload: 2
 memory: 51204/262144
 swap: 0/0
 memtotal: 262144
 memfree: 168060
 membuffers: 10564
 memcache: 32316
 swaptotal: 0
 swapfree: 0
 uptime: 7301

Except for viewing commands, a set of diagnostic ones is available to the administrator.

(config)> tools
Core::Configurator: Done.
(tools)>
 arping - send an ARP request to a given host
 ping - send ICMP ECHO_REQUEST to network hosts
 ping6 - send an ICMPv6 echo request to network hosts
 pppoe-discovery - scan available PPPoE servers
 traceroute - do IPv4 network route diagnostics

One can get information about the connection to command line using whoami command.

(config)> whoami
 user: admin
 agent: cli
 host: 192.168.1.200
 mac: 00:15:17:6a:f3:9a
 where: Bridge0

Also we decided to find out with the help of which commands PBR (Policy Based Routing) setting is performed, that is the ability to perform routing based on policies. At the moment reaching a decision about routing can be performed separately for each client device, so the first thing to start configuration is to perform device registration specifying its name and MAC-address.

known host test 00:15:17:6a:f3:9a

The next step is creating a profile in which Internet connections are listed in order of decreasing priority. In our case wireless provider was used at first and then connection to Ethernet-network.

ip policy Policy0
 description second_profile
 permit global WifiMaster0/WifiStation0
 permit global ISP
 permit auto

After that one should list all existing profiles in ip hotspot section and perform binding of client devices to this or that profile.

ip hotspot
 policy Home Policy0
 policy Guest Policy0
 host 00:15:17:6a:f3:9a permit
 host 00:15:17:6a:f3:9a policy Policy0

That's where we proceed to completion of the brief review of the command line interface capabilities and pass directly on to its testing.

Testing

The first test we traditionally begin this section is estimating the booting time of the device, which is a time interval starting with the moment when the power is on until the first echo reply is received via ICMP. Keenetic Giga wireless router boots after 31 seconds. We consider this as a good result.

The second not less than traditional test was a security scanning procedure, which has been carried out using Positive Technologies XSpider 7.8 network security scanner. At first, we performed scanning from LAN-interfaces side using recommended set of components.

On the whole, there were eight open ports discovered. The most interesting data are presented below.

Then we decided to repeat scanning procedure but from WAN-interface side. Scanner didn’t discover any open port, so Keenetic wireless routers are absolutely safe from external attacks with their default settings.

Before start performance tests we would like to get our readers familiar with the key parameters of the test stand we used.

Component PC Laptop
MB ASUS Maximus IX Extreme ASUS GL753VD
CPU Intel Core i7 7700K 4 GHz Intel Core i7 7700HQ 2.8 GHz
RAM DDR4-2133 Samsung 64 Gbyte DDR4-2400 Hyundai 8 Gbyte
NIC Intel X550T2
ASUS PCE-AC88
Realtek PCIeGBE
OS Windows 7 x64 SP1 Windows 10 x64

We decided to start with measuring performance of the device while IPv4 traffic routing with using NAT/PAT translations and without them. Measuring was performed for 1, 5 and 15 simultaneous TCP connections. JPERF utility of 2.0.2 version was used as an instrument for measuring. Both measurements displayed below were performed with hardware routing acceleration enabled by default.

As KN-1010 model is a wireless router, we cannot help but test user data transmission speeds in wireless network segment.

Keenetic Giga supports great number of various tunnel connections so we decided to measure performance of some of them. Data transmission speeds via PPTP and L2TP tunnels are traditionally high. Certainly, using of encryption together with PPTP significantly decreases speeds available to the users. In these tests KN-1010 model was used as a client.

One of the most popular ways of connection to remote networks is OpenVPN tunnel. Another not less than popular way of connection is using of IPSec. Here we used KN-1010 as a server.

It’s worth noting that testing model also supports connections with the help of SSTP protocol. The peculiarity of this connection is ability to set tunnel even if router doesn’t have globally routing address. The results of performance measuring for KN-1010 router working in SSTP-server mode are presented below.

Next version of IP IPv6 is becoming more and more popular. The increase of popularity of this protocol in Russia can be explained by users desire to bypass interlocks set by Roskomnadzor and keep up with the times, implementing new developments the first. Obviously, we cannot help but measure routing speeds for IPv6 packets. On the diagram below obtained speeds while using of hardware accelerator of IPv6 working and without it are displayed.

Different 3G/4G modems, USB printers, flashcards, DECT stations, ADSL/VDSL modems can be connected to USB port of the router. We decided not to miss an opportunity to measure access speeds for data located on our Transcend TS256GESD400K SSD drive of 256 Gbytes connected to USB port of Keenetic Giga router. We consequently formatted drive using the following file systems: EXT2/3/4, NTFS, FAT32 and HFS+. The results of measuring on connection to USB 2.0 and USB 3.0 ports are displayed below.

In addition, we decided to find out which access speeds to data located on USB drive can be obtained by the users connecting to the router with the help of PPTP tunnel without encryption. Measurements were performed for NTFS file system. Obtained data correspond to maximum announced performance of PPTP server (150-200 Mbps) working on Keenetic Giga router. Performance of PPTP client and server built into Keenetic Giga wireless router is significantly different.

In conclusion, we would like to mention about one more test which we performed in parallel with main experiments. With the help of our ADA TempPro-2200 laboratory pirometr we performed measurement of router case temperature under full load. It turned out that maximum temperature of router case was 37 degrees celsius while external temperature was no more than 24 degrees. Obtained temperature value we consider a normal one.

That’s where we complete testing section and move directly to summing it all up.

Summary

On the whole, we are glad with tested Keenetic Giga KN-1010 wireless router, after two years since our previous testing of Zyxel devices a significant work has been performed: hardware performance is increased, web-interface is remarkably revised and updated, device functionality is significantly expanded. The most positive appreciation is reasonably referred to the flexibility of network interfaces settings and new web-interface we consider user-friendly and intuitively understandable even for new users.

Strength areas of Keenetic Giga KN-1010 wireless router are the following:

  • high user data transmission speeds;
  • support of great amount of VPN connection types;
  • flexible configuration of network interfaces;
  • IPv6 support;
  • ability to connect to existing wireless networks;
  • support of two wireless frequency ranges;
  • captive portal option;
  • ability to remotely connect to the router even without global routing address;
  • module firmware structure;
  • ability to set SFP for connection to optical networks;

The only peculiarity that surprised and a bit confused us is inability to manage access to the devices in the local network based on access lists on connection via IPv6. Probably, that’s the only thing that we could refer to the drawbacks in the meantime.

At the moment this review was being written, the average price for Keenetic Giga KN-1010 wireless router in Moscow online shops was 7500 roubles.

Add comment


Security code
Refresh

Found a typo? Please select it and press Ctrl + Enter.