LogonBox VPN 2.4.17 released

Chris Dakin

Introduction

LogonBox is pleased to announce the immediate availability of LogonBox VPN 2.4.17.

This release includes improved certificate support, some updates to SAML as well as some performance improvements to VPN client config generation.

The changelog at the bottom lists all new features and bugs fixed.

 

SSL certificate changes

SSL certificate keys now support RSA 3072-bit keys.

 

SAML support

SHA384 and SHA512 algorithm support has been added to the SAML Digest Method.

This was previously hard-coded to SHA-1. For ease of configuration, the digest method uses the same setting as set in the 'Sign Assertion Algorithm option'.

 

VPN client new client configuration performance improvements

When a new VPN client connects to the server, the server was recalculating the 'Allowed IP's for all clients unneccessarily.

This could have a significant performance impact where you already have many clients and had been seen to cause other clients drop packets.

The server now only calculates what it needs for a new client, which has significantly reduced the impact for other connected clients.

 

Upgrade Instructions

You can directly upgrade from the web UI or the operating system.

To upgrade from the web UI, log on to your admin account, navigate to Server Status from the main dashboard, and click Update. If you have Updates, Features & Licensing->Update Prompt turned on, you may also be prompted automatically upon login.

 

To upgrade from the operating system:

On Windows – download the new installer, run the installer, and follow the prompts.

 

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

 

If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:

https://docs.logonbox.com/app/manpage/en/article/6172513

Our support team will upgrade Cloud customers over the coming week.

 

Changes

Here is a summary of the changes in this release.

Features

  • Added support for SSL Certificates with RSA 3072-bit key algorithm.
  • Updated Log4J to latest release.
  • Added SHA384 and SHA512 algorithm support to SAML Digest Method (uses the same setting as set in Sign Assertion Algorithm).
  • Adding new clients routing on the server side is significantly more efficient (previously with large client counts, the routing table could take a long time to rebuild).
  • Added an option to disable VPN client downloads for end users.

Bugs

  • Removed the partial reconcile schedule expression from non-AD user directories (as this is only supported on AD).
  • When editing a Role, the permissions list no longer goes blank after interacting with it.
  • Hazelcast update checks should now no longer happen.
  • Email messages will work now if the plain body is blank and only html exists.
  • Resolved an incompatibility with an AD password potentially having a maximum password age greater than the max age that can be stored in the database. Any password expiring after the year 2125 will now be considered as never expires.
  • SAML Digest Algorithm is now set to the same as the Sign Assertion algorithm, rather than hard coded to SHA1.
  • On System Configuration->Interfaces, clicking the VPN tab now correctly displays that tab as its own page rather than below the HTTP interfaces as intended.
  • Upgraded the DB schema for older systems to correct the character set and collation on some DB tables.
  • On an LDAP User Directory, including an OU that contains only users now works as expected.
  • When creating a new realm, the wgx interface now starts automatically again.
  • VPN Clients connected on a sub-realm now correctly show their status when connected to the network.