Introduction
LogonBox is pleased to announce the immediate availability of LogonBox VPN 2.4.11.
This release includes extra support for TOTP in our own authenticator as well as updated components to address potential security concerns.
TOTP additions
The LogonBox Authenticator now supports failover to using TOTP if the user’s mobile is offline or out of signal range.
On the LogonBox web UI at the Authenticator prompt, the user will now see an option to ‘Cancel Mobile Authentication and provide offline TOTP code’.
Note: This requires the latest LogonBox Authenticator app, version 0.20.
Security Updates
The UI components for Bootstrap have been upgraded to version 5 to address any security concerns reported by vulnerability scanners.
We have also added a new Content-Security-Policy header for ‘frame-ancestors’. This replaces the ‘X-Frame-Options’ header used previously, which is now deprecated in most browsers.
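One way to confirm which anti-framing header a server response relies on, as an added example that is not LogonBox code: the Python function below classifies a response from its headers. The function names and the sample header values are constructed for illustration; the page does not state the exact policy value LogonBox sends.

```python
# Added example: classify how a response restricts framing, from its headers.
# SAMPLES holds constructed header sets; they are not captured LogonBox output.

def parse_csp(policy_text):
    """Parse one CSP policy into {directive: [source, ...]}."""
    policy = {}
    for part in policy_text.split(";"):
        tokens = part.split()
        if tokens:
            # CSP keeps the first occurrence of a directive and ignores repeats.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def framing_policy(headers):
    """Return (mechanism, value) for a list of (name, value) header pairs."""
    policies, xfo = [], None
    for name, value in headers:
        lname = name.lower()
        # Exact match only: the -Report-Only variant does not enforce anything.
        if lname == "content-security-policy":
            # One header value may carry several comma-separated policies.
            policies += [parse_csp(p) for p in value.split(",") if p.strip()]
        elif lname == "x-frame-options" and xfo is None:
            xfo = value.strip().upper()
    ancestors = [p["frame-ancestors"] for p in policies if "frame-ancestors" in p]
    if ancestors:
        # With frame-ancestors present, supporting browsers ignore X-Frame-Options.
        return ("csp", ancestors)
    if xfo in ("DENY", "SAMEORIGIN"):
        return ("xfo-only", xfo)
    # ALLOW-FROM is obsolete and unsupported by current browsers, so it does not count.
    return ("none", None)


SAMPLES = {
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"),
            ("X-Frame-Options", "DENY")],
    "xfo": [("x-frame-options", "sameorigin")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_policy(hdrs))
```

A result of "xfo-only" or "none" after upgrading means the response is not carrying an enforced frame-ancestors directive, for example because a proxy in front of the server rewrites headers.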
Event Triggers on a VPN client registration
It is now possible to use Triggers to watch for a Peer Reserve event.
This allows you to perform extra checks on a client registration.
For example, if you wish to only allow clients with a specific UUID, you could use a trigger to execute a script to check such a UUID against an allowed list of IDs.
Please contact support if you would like further information.
Upgrade Instructions
You can directly upgrade from the web UI or the operating system.
To upgrade from the web UI, log on to your admin account, navigate to Server Status from the main dashboard, and click Update. If you have Updates, Features & Licensing->Update Prompt turned on, you may also be prompted automatically upon login.
To upgrade from the operating system:
On Windows – download the new installer, run the installer, and follow the prompts.
On a LogonBox VM – from a shell, type in:
apt update
apt upgrade
If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:
https://docs.logonbox.com/app/manpage/en/article/6172513
Our support team will upgrade Cloud customers over the coming week.
Changes
Here is a summary of the changes in this release.
Features
- Added an option to log off Azure when signing out of LogonBox (connected to Azure).
- Updated Bootstrap components to the latest version.
- Added a new Content-Security-Policy for frame-ancestors to replace the now deprecated X-Frame-Options header.
- The /boot partition has been merged into / for new builds, as the /boot partition on previous VMs was too small.
- Clicking the manual Synchronize button will now re-enable the sync schedule if it is in a disabled state.
- Added an option to prevent users from deleting their own TOTP authenticator configurations.
- Added TOTP support to the LogonBox Authenticator, which can be used if your mobile cannot contact the server.
- Added the ability to trigger events from a VPN client registration. For example, this event can be used to whitelist only a specified set of clients.
Bugs
- Fixed automatic log-off in Azure when logging out of LogonBox.
- Services are now showing correctly again in VMCentre.
- The Support Callback service can now be launched again from the web UI and VMCentre.
- A user’s password expiry time is now displayed in the UI in the local server timezone rather than UTC.
- Error messages on small (mobile) screens now wrap onto new lines so a user can read the full error.
- The user can now see their Active Directory password policy again on the reset password screen.
- A user’s locked status is now updated on a sync if a user has been unlocked directly in AD.
- A suspended user will resume as expected after the lockout time expires.