All You Need to Know About LogonBox VPN 2.3.20

Windows two-factor authentication


LogonBox is pleased to announce the immediate availability of LogonBox VPN 2.3.20.
This release includes the ability to force AD schema versions and additions to LDAP attributes.

AD schema checking changes

LogonBox needs to check the AD schema when using Active Directory so we know what features to support.
There have been some cases where these checks were unsuccessful, which resulted in the service not supporting Password History checks.

LogonBox will now automatically traverse up the AD DN chain to try to find the schema if it’s not found.

We have also added a setting to override this schema setting manually.
To change this setting manually, navigate to User Directory->Configure User Database->Advanced and look for the Schema Version setting.

LDAP user directory reads more attributes

The LDAP user directory now pulls in the user’s email address and description attributes if they exist.

Upgrade Instructions

You can directly upgrade from the web UI or the operating system.

To upgrade from the web UI, log on with your admin account, navigate to Server Status from the main dashboard and click Update. You may also be prompted automatically on login if you have Updates, Features & Licensing->Update Prompt turned on.

To upgrade from the operating system:

On Windows – download the new installer, run the installer, and follow the prompts.

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:

Our support team will upgrade Cloud customers over the coming week.


Here is a summary of the changes in this release.


  • New option added to force AD schema versions, plus automatic domain traversal to attempt to find the schema automatically.
  • LDAP reads in email and description attributes on a sync.


    • Cloudflare proxying no longer results in a 520 error when a client uses IPv6.
    • AD connections over SecureNode sometimes hung on close; this has been resolved.
    • LDAP now writes changes back to the directory after editing a user.
    • Vulnerability: Fixed an issue where it was possible to determine a valid username by a bad response to using a fake principal.
    • Fixed justification of login widget on Password Reset and Account Unlock pages when a Logon Banner is set.

    VPN Client

      • Mac OS X networksetup DNS integration now correctly removes DNS server address and domains on tear down.
      • Resolved some issues with starting the service on French language version of Windows.