TOSIBOX® Central Lock / Virtual Central Lock Software Releases

The release notes are available under the Central Lock Software Release table. 

v2.6.3 – release date 2023-10-09 (Virtual Central Lock only)

Improvements

• Fix for possible issue arising during update within Virtual Central Lock 2.6.x branch

v2.6.2 – release date 2023-10-02 (Virtual Central Lock only)

Enhanced IP-to-IP mode instructions

The new IP-to-IP mode introduced in Virtual Central Lock 2.6.1 has been enhanced for better usability. This mode is specifically created to enable point-to-point communication between IP endpoints within LAN networks behind Tosibox Nodes. For more details, refer to the User Manual or the Helpdesk article "Working with the Access Groups IP-to-IP mode".

Improvements

• IP-to-IP mode is off by default when creating new Access Groups
• Clarified the IP-to-IP mode user interface description

v2.6.1 – release date 2023-08-22 (Virtual Central Lock only)

Supported virtualisation platforms

• VMWare vSphere/ESXi v7.0 GA
• Microsoft Hyper-V on Windows Server 2016 and 2019
• Linux KVM
• Microsoft Azure Cloud
• Amazon AWS Cloud

Support for TosiControl management UI

Virtual Central Lock is a central component in network management with TosiControl. Access controls created with the Access Groups can be monitored on TosiControl. Virtual Central Lock also sends a list of network elements and their status information for centralized device management. TosiControl integration requires explicit user approval on the Advanced Settings page.

IP-to-IP mode

IP-to-IP mode allows creating connections on IP level from the LAN side of one Node to the LAN side of another Node. With the IP-to-IP mode it is possible to limit access between the LAN side devices even if there are more devices present on the Node LANs. IP-to-IP mode is an extension of Access Groups.

Stability and scalability improvements

Especially large but also smaller Virtual Central Lock deployments gain performance improvement from improved memory management and enhanced file system and internal routines.

Improvements

• Improved robustness and bug fixes to Access Groups
• Tightened firewall rules for DHCP
• Fixed stability issue with Nodes where 1:1 NAT is used
• Fixed rare issue where NTP service failed to start
• Improved robustness for software update process
• Latest underlaying OS security and 3rd party library updates

v2.4.3 - release date 2023-05-29 (Central Lock)  

• Updated third party libraries to support more secure TLS 1.1 connectivity
• Indication in the user interface whether connection is a relayed (TCP) or direct VPN connection (UDP)

v2.6.0.1 - release date 2022-12-13 (Virtual Central Lock) 

• Resolved Access Groups issue affecting "Allow traffic between Locks" and "Allow L2 traffic between Keys" settings changing from enabled to disabled by itself when updating to version 2.6.0

v2.6.0 – release date 2022-11-16 (Virtual Central Lock only)

Supported virtualisation platforms.

• VMWare vSphere/ESXi v7.0 GA
• Microsoft Hyper-V on Windows Server 2016 and 2019
• Linux KVM
• Microsoft Azure Cloud
• Amazon AWS Cloud

Redesigned access rights management

Access Groups has been redesigned from the ground up. Access rights management is based on sets of devices and users that are grouped to create access rules called Access Groups. Access Group can consist of one or several device and user sets. Access Groups UI is modernised, graphical and mouse operated based on drag and drop gestures. All the familiar features from previous releases are supported. New Access Groups UI is fully backwards compatible, all upgraded systems will retain already created Access Groups.

Greatly enhanced cybersecurity

Virtual Central Lock underlying operating system and libraries are upgraded. Connectivity is utilising latest major VPN libraries contributing to greatly enhanced system security.

New audit trail events

Audit trail stores various actions such as system state and configuration changes. Actions can be traced, filtered and exported on the Logs view. Virtual Central Lock has received new audit events to complement increased functionality such as "System started" and "System shutdown".

Improved software update process

There are different types of updates

System upgrade – Major release containing foundational changes to the platform and applications

Software update – Minor release containing updates to selected parts of the system

Https login for web UI

Web UI access can be made via secure https protocol. Https encrypts traffic between the end user device and the web server and provides increased security. If https is enabled, it is used when accessing from the Virtual Central Lock LAN or over VPN connection.

Revised documentation

Virtual Central Lock user manual is revised thoroughly. For example, it has a section for installation and system requirements, Access Rights Management is explained in detail, all audit trail events, and email alerts are listed.

Bug fixes

• VPNs are not cut-off when creating or deleting VLANs
• Status page shows selected Lock and Sub Lock
• Protocol ICMP ping is now allowed in access group
• Renaming device in "Network devices" list does not result in unnecessary "Link protocol invalid" error anymore

v2.5.2 – release date 2022-06-28 (Virtual Central Lock only)

VPN Usage Logs export

Updated system libraries and security fixes

Stability and scalability improvements

Improvements in Access Groups

Bug fixes

• Fixed issue where Keys can change from layer 3 to layer 2 because of a sw bug and user loses access to VCL.
• Fixed issue where IP address or IP address range in Access Group can have global effect even though it shouldn’t.
• Fixed issues where connection names can get scrambled between VCL and the Key Manager in the Key software.
• Fixed issue where Web UI could be broken when adding blank static route.
• Fixed issue where manually added devices that are outside the IP range are not shown correctly in Web UI
• Network devices list refresh fixed without the need to reload the Status page. Edit and remove buttons work again.
• Fixed issues where duplicate system alerts were sent or no alerts were sent at all.
• Added password copy option when new administrator user password is generated.
• VCL native Chromium browser upgraded and is now in kiosk mode. Browser extensions cannot be installed anymore.
   

v2.5.1 – release date 2021-10-11 (Virtual Central Lock only)

Fixed issues

• Rare incident in Access Groups can cause the firewall not configured with the new settings, recently created IP/MAC items should be recreated manually
• Stability improvement in VPN connection management

v2.5.0 – release date 2021-03-23 (Virtual Central Lock only)

UI/UX Improvements

• Totally new look and feel
• Online devices are grouped by Locks on the status page

Multiple admin users

• Adding more admin accounts to Virtual Central Lock now possible
• Admin password change is forced on UI after upgrade to 2.5.0

Scheduled access

• Admins can define access schedules for Keys in access groups

Audit trail for connections

• Admins can now see where Keys connect to through Virtual Central Lock plus the connection times and transferred data amounts
• Admin actions are logged for audit purposes

Fixed issues

• Local time made visible on the page where timezone is set
• Log events are now shown correctly on the chosen timezone
• Alerts clock now respects the timezone setting
• Removing hosts from network device list works more reliably

v2.4.2 – release date 2021-03-23 (Virtual Central Lock only)

• Interim release enabling update to 2.5.0

v2.4.1 – release date 2020-03-25 (Virtual Central Lock and Central Lock)

• Virtual Central Lock 2.4.1 supports Azure and AWS installation. Read more from the CTO’s  blog
• Fixed product name shown in Alerts
• Activation is now possible with Static IP on WAN interface
• Adding a new network device does not anymore automatically create HTTP link for that device
• Fix for Alert timeout logic
• Stability & performance fixes

v2.4.0 – release date 2020-01-29

• Virtual Central lock Lite can now be downloaded.
  • All free (Lite) downloads are limited to 5 connected TOSIBOX® devices (Keys, Locks, Mobile Clients)
  • Status page now shows the amount of connected TOSIBOX® devices / total amount per license, and notifies the user when there are more devices connected than the license allows
  • SMTP server has to be configured for email alerts to work. Tosibox email servers are not used anymore.
• Optimized loading of ‘Keys and Locks’ section on UI
• Improved reconnect time to Locks in case of a connection failure on Virtual Central Lock side
• Removing a Lock connection does not disconnect/reconnect Layer 3 connections anymore
• Fix for Internet connection status display
• Improved configuring routes from Virtual Central Lock Access Groups to Locks
• Fixed port range in Access Groups
• UI optimisations for IE
• Optimized firewall updatesSeveral stability improvements

v2.3.0 – release date 2017-12-15

• Added SoftKey support
• New device icons for different client types in web UI
• Fix for an issue where adding an incomplete static route or another default route caused system malfunction
• Fix for an issue where certain parts of the web UI didn’t work with Mozilla Firefox
• Reliability improvements
• Includes all v2.1.0 – v2.2.0 changes also for Central Lock
• Notice for Central Lock users updating from v1.4.0: This version replaces earlier IP/MAC filter functionality with Access Groups. During the update, the system will migrate most of the earlier IP/MAC filter rules to Access Groups but there can be certain configurations that cannot be fully migrated nor are supported with Access Groups, e.g. rules affecting communication between Layer 2 connections within the same LAN. Please note this before installing the update and please verify the you have correct settings in Access Groups after the update and make adjustments if required.

v2.2.0 – release date 2017-07-05

• Master Key can now be matched remotely with the Virtual Central Lock (read more)
• Access groups can now be enabled/disabled
• Mobile Clients inherit now their initial access rights from the Key that was used to create them
• Added warnings when deleting WAN or LAN interfaces
• Fix for an issue where Mobile Clients could not connect if they didn’t belong to any access group
• Fix for an issue where iOS Mobile Client could not connect
• Scan for LAN devices function fixed

v2.1.1 – release date 2017-05-29

• Fix for a mouse issue on VMWare ESXi
• Fix for an issue where the network interface ordering might have changed after adding new network adapters to the virtual machine

v2.1.0 – release date 2017-03-31

• First SW release for the Virtual Central Lock
• Support for defining access rights with access groups
• Support for virtual LANs
• New, streamlined web user interface for Central Lock and Virtual Central Lock
• Support for global Lock names
• The Lock’s name is now shown and can be changed in the web UI
• The time zone can be configured
• Added support for NTP (Network Time Protocol) server
• New production units now show the end-user license agreement when the admin logs in for the first time
• Improved reliability of refreshing status information in the web UI
• Gateway option is no longer shown for LAN and VLAN interfaces
• Mitigation for a security issue with VPN connections using Blowfish cipher: TBSA-016-301(CVE-2016-6329)
  • The VPN data channel key is renegotiated much more frequently when Blowfish is used
  • AES-128-CBC is now the default VPN cipher for new Lock 100 production units
  • Lock-to-Lock and Lock-to-Central Lock connections now honor the VPN cipher setting of the main Lock or Central Lock
• WAN port IP address is now shown on web UI also when using DHCP

v1.4.0 – release date 2015-06-25

• Support for iOS Mobile Clients
• Key-specific IP/MAC filter: access to LAN network devices can now be defined separately for each Key
• Option to add exceptions for restricted Internet access (Industry settings ->Prevent Internet access from LAN …)
• Network device list is now sorted alphabetically in the web UI
• Available software updates are now announced in the web UI
• Support for choosing the preferred VPN data encryption cipher (AES or Blowfish)
• Improved performance with large number of VPN clients
• Improved connection establishment time for Layer 3 Key connections
• Lock’s friendly name is now visible in the alert email subject
• Connection type is now Layer 3 for all new Sub Keys and Backup Keys
• New production units have now 3072 bit RSA keys
• “Wired” text is now shown also for devices in ports LAN2-4
• Fix for an issue where connection alerts were sent even though the connection was restored before timeout
• Fix for an issue where the connection names could sometimes get lost when saving Tosibox devices page
• Fix for an issue with network device list when L3 Locks had a large number of devices

v1.3.2 – release date 2014-11-28

• Fix for an issue where the Central Lock might not reconnect to Internet after a network problem

v1.3.1 – release date 2014-11-21

• Fix for a web UI issue that affected new produced units

v1.3.0 – release date 2014-11-12

• Log data can now be exported in CSV format
• Log events are now generated for web UI login/logout
• Email alerts can be triggered also from system failures (e.g. failing hard drives)
• Connection alerts have now a configurable timeout to prevent alerts from short disconnects
• SW updates can now be installed from the web UI
• Security updates are installed automatically daily
• Initial support for AES ciphers, with AES-256-CBC as the default cipher if the client supports it.
• New options to prevent access from serialized Sub Locks and L3 Locks to Central Lock’s LAN ports
• Access from serialized Locks to Central Lock’s web UI is now prevented by default
• Web UI displays now also the physical IP for devices behind L3 locks when 1:1 NAT is in use
• Serialized L3 Locks can now access the static routes that are configured on the Central Lock
• The Internet can be accessed also from service port
• Idle bandwidth consumption reduced
• Usability improvements on edit connections page
• VPN connections are now disconnected/reconnected only when needed when saving Central Lock settings
• DNS rebind protection is now disabled to avoid possible problems
• Fix for an issue where enabling MAC/IP filter broke access from LAN to L3 Locks
• Fix for an issue where the remote support connection was not closed correctly
• Fix for an issue where changing Key’s access rights changed the connection type to Layer 3
• Fix for an issue where serializations might have gotten lost
• Fix for an issue with static host routes (netmask 255.255.255.255)
• Stability improvements