LogonBox VPN 2.3.16 is Available Now

Posted on by Lee Painter

Introduction

LogonBox is pleased to announce the immediate availability of LogonBox VPN 2.3.16.
This release includes updates to the deployable VM images, some extra customization around messaging for the logon banner and RADIUS authentication and some VPN connection stability fixes.

Updates to the virtual machine images

Our VM images now run on the latest Debian 11 Bullseye release where possible. The Debian project should support this release for security updates until 2026. With the Azure and ISO images, these still run on Debian 10 Buster due to some technical limitations. Debian 10 is still in support until 2024.

We have the following guides available if you wish to upgrade the operating system on an already deployed image. We recommend that you upgrade the OS one version at a time. Therefore, if you want to go from Debian 9 to 11, stage the upgrade via Debian 10.

Upgrading Debian 9 to 10:
https://docs.logonbox.com/app/manpage/en/article/627806

Upgrading Debian 10 to 11:
https://docs.logonbox.com/app/manpage/en/article/7299885

SSH on the VM images is now disabled by default, except for our cloud hypervisor images where SSH access is via key authentication. If you wish to enable SSH on an on-prem image, you can do this from VMCentre on the console.

To do this, go to the Services tab, click the options button next to SSH Server and tick ‘Start this service upon boot’.

The OVA and OVF images have VMware tools installed by default (open-vm-tools).

RADIUS improvements

The default ‘password’ prompt caused some confusion amongst some users. Therefore the default prompt has been changed to ‘passcode’ to differentiate it from a user’s AD password, for example.

It is also possible to alter this prompt to any text of your choice.

Edit your Authentication Flow and click the edit icon on the RADIUS module. You should see a new User Interface tab which contains the field for the prompt.

Formatting options for the logon banner

Support for some HTML tags now exists in the Logon Banner. The Logon Banner is the message displayed underneath the login prompt. This configuration is in Authentication Flows->Authentication Options->Logon.

The following HTML tags may now be used to help you format any messages you wish to display: “b”, “i”, “u”, “sup”, “sub”, “strong”, “big”, “small”, “br”, “span”, “em”, “p”, “div”, “h1”, “h2”, “h3”, “h4”, “h5”, “h6”, “blockquote”.

Better connection stability

The session cleanup job on the server sometimes cleared active VPN connections; hence, connections could drop, and the user would have to re-authenticate. Connections should be a lot more stable now.

The VPN client on non-English Windows clients should now start up more reliably.

Upgrade Instructions

You can upgrade either from the web UI or the operating system directly.

To upgrade from the web UI, log on with your admin account, navigate to Server Status from the main dashboard and click Update. You may also be prompted automatically on login if you have Updates, Features & Licensing->Update Prompt turned on.

To upgrade from the operating system:

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

Changes

Here is a summary of the changes in this release.

Features

  • On-prem VM builds now have SSH disabled by default
  • New VM builds now run on Debian 11 bullseye (except ISO and Azure).
  • OVA and OVF images now have VMware tools installed.
  • You can now customize the RADIUS password prompt.
  • The default prompt for RADIUS is now Passcode rather than Password.
  • Support for some HTML tags now exists in the Logon Banner.

Bugs

  • Users can no longer log in when the account is in a suspended state.
  • An attempted password reset for a user that does not yet have a completed profile no longers results in a null error.
  • When editing a message template, in the HTML tab, any existing text displays immediately rather than needing to click in the field first.
  • Generating a CSR now succeeds when a comma exists in the Organization field.
  • Live connections should be less liable to random disconnects when the session cleanup job runs on the server

VPN Client

  • The VPN client successfully starts the client service again on non-English Windows clients.