For the Tosibox HUB/VCL software lifecycle and support status details, refer to Tosibox software lifecycle details article.

Version 4.0.1

28 March 2025

Note: 

• This update is not offered to those users who have successfully upgraded to 4.0.0 before.

Bug fixes:

• Fixes an issue where user can't log in from non-local browser if sysupgraded from 3-series while having HTTPS UI enabled. For users who had upgraded successfully with HTTP, HTTPS would work normally if enabled after sysupgrade.

 

Version 4.0.0

25 March 2025

New features and improvements

• OS Upgrade
• New look-and-feel in UI
• Security fixes based on penetration testing results
• HUB 4 series images are available in AWS (3-series was skipped)

Important notes, breaking changes

• Support for Microsoft Hyper-V in Windows server 2019 has been dropped. Hub 4.x is tested and supported in Microsoft Hyper-V in Windows server 2022. If you are running Windows Server 2019, it is not recommended to upgrade to Hub 4.x
• VPN from old lock 100 models (before revision E) won’t work anymore
• BF-CBC (Blowfish) cipher is no longer supported in MatchMaker-orchestrated VPNs

Bug fixes

• several fixes made to improve especially security and usability.

 

Version 3.2.1

14 January 2025

Improving HUB stability and performance in large environments

Bug fixes

• Fixed VPN stability issue in big environments with high number of relayed connections
• Major performance improvement for handling big number of network devices from connected locks
• Fixed issue where HUB could experience major malfunction in long-lived big environments that had lots of network devices in connected locks

 

Version 3.2.0

5 November 2024

New features and improvements

• Remote logging of audit log events. See Knowledge base article HUB remote logging
• New audit log events for remote logging
  • Audit log forwarding enabled/disabled
  • Audit log view opened
  • Audit log settings changed
  • Audit log test event
  • Alert sending failed
• New troubleshooting tools for Ping, Traceroute, NSlookup
• Status page Internet Connection field has been split into two separate fields;
  • Internet Connection - indication if connectivity to public Internet is working
  • Tosibox Cloud - indication if connectivity to Tosibox services is working. This field shows the same status that Internet Connection field previously displayed
• Connected Nodes without LAN devices are now delivered to and shown in Key client user interface
• Cipher selection per Key and per Node basis on the Keys and Locks page
• Support for ChaCha20 cipher
• Security updates and patches to OS and libraries

Bug fixes

• Strict input validation for escape characters in audit logging
• Strict validation for certain web links and parameter fields
• Resolved duplicate error indication during password change
• Resolved issue with the TX/RX byte counters on interfaces and VLAN pages being capped at 4.2GB. Counters are 64bit values now
• Resolved issue where L2 Key could be assigned to multiple Access Groups
• Resolved issue in VPN Overview where iOS Mobile Client VPN connection could be shown falsely as direct connection

Removed features

• Removed TLS 1.0 and TLS 1.1 support. Legacy Node and Key versions may not connect anymore

 

Version 3.1.0

24 July 2024

New features and improvements

• System status monitoring via Prometheus. See Knowledge base article How to use Prometheus
• New VPN Overview page showing connection details
• New password complexity requirements
• UI displays error message if Mobile Client tries to connect but LAN interface is not configured
• Support for sending active VPN list to TosiControl
• Security updates and patches to OS and libraries
• TosiControl integration option has been removed in the Advanced settings. The HUB is now automatically integrated to TosiControl when it is part of an onboarded network.

Bug fixes

• Resolved an issue where link path in network device of L3-connected lock was not available in Tosibox HUB
• Resolved an issue where certain time zones couldn’t be set
• Resolved rare issue when saving Access Groups settings might have been overwritten if they were modified in the background
• Resolved an issue where VPN usage log counters wouldn’t always update

 

Version 3.0.0

13 May 2024

Announcement

• Tosibox Virtual Central Lock (VCL) is renamed to Tosibox HUB. The product is the same and upgrade paths from Virtual Central Lock to HUB are offered automatically. There are no deviations or removed features.

Changes and new features

• Microsoft Azure Marketplace delivery
• HUB underlying operating system and libraries are upgraded
• Improved software update process
  • HUB installation process is more robust and provides progress on UI
  • SW updates are checked automatically once a day
  • If new update is found a notification is shown on the UI
  • HUB will check for Azure and AWS specific extensions
  • HUB can warn about extensions coming from unknown sources
  • HUB will notify if reboot is required after SW update
  • Ongoing SW update is displayed on the SW Update page until done
  • Ongoing SW update gives a warning on Reboot page
• HUB has received new audit events to complement increased functionality such as Node added or removed, VPN limit is near or has exceeded limit set in license, SW update is available, started or completed
• HUB can send its status and settings to TosiControl for network monitoring, when feature is enabled
• VMWare ESXi environment HW version setting is changed from 7 (ESXi/ESX 4.x) to 14 (ESXi 6.7)
• VPN throughput is increased in Microsoft Azure and Amazon AWS environments where certain HUB installations were experiencing packet drop rates due to small socket buffer size
• Used VPN connection protocol is displayed in the management user interface, either relayed TCP or direct UDP
• HUB has a new favicon
• VPN tunnel name is validated and certain special characters are no longer accepted
• Confirmation is asked when clicking Reboot button
• Added ability to configure LAN device path for the http(s) service
• Email alerts has a new field for configuring TLS security for enforcing connection security scheme
• Copy to clipboard button was added to copy the generated Remote matching code
• Network device list items are now clickable web links opening the configured web service
• Internet connection field on Status page is renamed as Tosibox Cloud
• Static routes MTU field is not supported and has been removed
• User can choose to display login password as asterisks or plain text
• Removed Blowfish option as the preferred cipher for VPN data encryption from UI option. Blowfish can no longer be selected for new Node and Key tunnels.
• HUB activation process is more robust and verbose
• HUB update process from 2.6.3 onwards is more verbose to address possible issues during the update (additional change on 31 July 2024)

Bug fixes

• Access Groups has a new Compatibility level setting to overcome an issue in Access Groups, IP address with netmask behaves differently than IP ranges when data is communicated to Locks. If compatibility level is "legacy" IP address with netmask is not transferred to Locks. If compatibility level is "default" IP address with netmask is transferred to Locks in the Access Group
• Resolved certain Netmask and IP range address issues in Access Groups when migrating from older systems
• Resolved issue when modifying VLAN interface HUB would not reconnect affected VPNs as was expected
• Resolved issue where setting up new HUB installations with static IP address was broken
• Resolved issue where static routes might not be deleted from the system after being deleted from the UI
• Resolved issue where alert sending failed for anyone else but first recipient if recipient list contained spaces
• Resolved issue where alert sending failed when using TLS security with specific type of mail servers due to bug in certificate management
• Static route view validates against adding clearly malformed routes such as invalid IP/netmask/gateway and combination of those

Removed features

• Dropped support for Microsoft Hyper-V on Windows Server 2016
• Dropped support for scripting installation on Microsoft Azure and Amazon AWS cloud platforms

 

Version 2.6.3

9 October 2023

Bug fixes

• Fix for possible issue arising during update within Virtual Central Lock 2.6.x branch

 

Version 2.6.2

2 October 2023

Enhanced IP-to-IP mode instructions

• The new IP-to-IP mode introduced in Virtual Central Lock 2.6.1 has been enhanced for better usability. This mode is specifically created to enable point-to-point communication between IP endpoints within LAN networks behind Tosibox Nodes. For more details, refer to the User Manual or the Helpdesk article "Working with the Access Groups IP-to-IP mode".

Improvements

• IP-to-IP mode is off by default when creating new Access Groups
• Clarified the IP-to-IP mode user interface description

 

Version 2.6.1

22 August 2023

Supported virtualization platforms

• VMWare vSphere/ESXi v7.0 GA
• Microsoft Hyper-V on Windows Server 2016 and 2019
• Linux KVM
• Microsoft Azure Cloud
• Amazon AWS Cloud

Support for TosiControl management UI

• Virtual Central Lock is a central component in network management with TosiControl. Access controls created with the Access Groups can be monitored on TosiControl. Virtual Central Lock also sends a list of network elements and their status information for centralized device management. TosiControl integration requires explicit user approval on the Advanced Settings page.

IP-to-IP mode

• IP-to-IP mode allows creating connections on IP level from the LAN side of one Node to the LAN side of another Node. With the IP-to-IP mode it is possible to limit access between the LAN side devices even if there are more devices present on the Node LANs. IP-to-IP mode is an extension of Access Groups.

Stability and scalability improvements

• Especially large but also smaller Virtual Central Lock deployments gain performance improvement from improved memory management and enhanced file system and internal routines.

Improvements

• Improved robustness and bug fixes to Access Groups
• Tightened firewall rules for DHCP
• Fixed stability issue with Nodes where 1:1 NAT is used
• Fixed rare issue where NTP service failed to start
• Improved robustness for software update process
• Latest underlaying OS security and 3rd party library updates

 

Version 2.4.3 (Central Lock)

29 May 2023

Improvements

• Updated third party libraries to support more secure TLS 1.1 connectivity
• Indication in the user interface whether connection is a relayed (TCP) or direct VPN connection (UDP)

 

Version 2.6.0.1

13 December 2022

Bug fixes

• Resolved Access Groups issue affecting "Allow traffic between Locks" and "Allow L2 traffic between Keys" settings changing from enabled to disabled by itself when updating to version 2.6.0

 

Version 2.6.0

16 November 2022

Supported virtualization platforms

• VMWare vSphere/ESXi v7.0 GA
• Microsoft Hyper-V on Windows Server 2016 and 2019
• Linux KVM
• Microsoft Azure Cloud
• Amazon AWS Cloud

Redesigned access rights management

• Access Groups has been redesigned from the ground up. Access rights management is based on sets of devices and users that are grouped to create access rules called Access Groups. Access Group can consist of one or several device and user sets. Access Groups UI is modernised, graphical and mouse operated based on drag and drop gestures. All the familiar features from previous releases are supported. New Access Groups UI is fully backwards compatible, all upgraded systems will retain already created Access Groups.

Greatly enhanced cybersecurity

• Virtual Central Lock underlying operating system and libraries are upgraded. Connectivity is utilising latest major VPN libraries contributing to greatly enhanced system security.

New audit trail events

• Audit trail stores various actions such as system state and configuration changes. Actions can be traced, filtered and exported on the Logs view. Virtual Central Lock has received new audit events to complement increased functionality such as "System started" and "System shutdown".

Improved software update process

There are different types of updates

• System upgrade – Major release containing foundational changes to the platform and applications
• Software update – Minor release containing updates to selected parts of the system

Https login for web UI

• Web UI access can be made via secure https protocol. Https encrypts traffic between the end user device and the web server and provides increased security. If https is enabled, it is used when accessing from the Virtual Central Lock LAN or over VPN connection.

Revised documentation

• Virtual Central Lock user manual is revised thoroughly. For example, it has a section for installation and system requirements, Access Rights Management is explained in detail, all audit trail events, and email alerts are listed.

Bug fixes

• VPNs are not cut-off when creating or deleting VLANs
• Status page shows selected Lock and Sub Lock
• Protocol ICMP ping is now allowed in access group
• Renaming device in "Network devices" list does not result in unnecessary "Link protocol invalid" error anymore

 

Version 2.5.2

28 June 2022

VPN Usage Logs export

Updated system libraries and security fixes

Stability and scalability improvements

Improvements in Access Groups

Bug fixes

• Fixed issue where Keys can change from layer 3 to layer 2 because of a sw bug and user loses access to VCL.
• Fixed issue where IP address or IP address range in Access Group can have global effect even though it shouldn’t.
• Fixed issues where connection names can get scrambled between VCL and the Key Manager in the Key software.
• Fixed issue where Web UI could be broken when adding blank static route.
• Fixed issue where manually added devices that are outside the IP range are not shown correctly in Web UI
• Network devices list refresh fixed without the need to reload the Status page. Edit and remove buttons work again.
• Fixed issues where duplicate system alerts were sent or no alerts were sent at all.
• Added password copy option when new administrator user password is generated.
• VCL native Chromium browser upgraded and is now in kiosk mode. Browser extensions cannot be installed anymore.
  

 

Version 2.5.1

11 October 2021

Fixed issues

• Rare incident in Access Groups can cause the firewall not configured with the new settings, recently created IP/MAC items should be recreated manually
• Stability improvement in VPN connection management

 

Version 2.5.0

23 March 2021

UI/UX Improvements

• Totally new look and feel
• Online devices are grouped by Locks on the status page

Multiple admin users

• Adding more admin accounts to Virtual Central Lock now possible
• Admin password change is forced on UI after upgrade to 2.5.0

Scheduled access

• Admins can define access schedules for Keys in access groups

Audit trail for connections

• Admins can now see where Keys connect to through Virtual Central Lock plus the connection times and transferred data amounts
• Admin actions are logged for audit purposes

Fixed issues

• Local time made visible on the page where timezone is set
• Log events are now shown correctly on the chosen timezone
• Alerts clock now respects the timezone setting
• Removing hosts from network device list works more reliably

 

Version 2.4.2

23 March 2021

Improvements

• Interim release enabling update to 2.5.0

 

Version 2.4.1

25 March 2020

Improvements

• Virtual Central Lock 2.4.1 supports Azure and AWS installation. Read more from the CTO’s  blog
• Fixed product name shown in Alerts
• Activation is now possible with Static IP on WAN interface
• Adding a new network device does not anymore automatically create HTTP link for that device
• Fix for Alert timeout logic
• Stability & performance fixes

 

Version 2.4.0

29 January 2020

New features and improvements

• Virtual Central lock Lite can now be downloaded.
  • All free (Lite) downloads are limited to 5 connected TOSIBOX® devices (Keys, Locks, Mobile Clients)
  • Status page now shows the amount of connected TOSIBOX® devices / total amount per license, and notifies the user when there are more devices connected than the license allows
  • SMTP server has to be configured for email alerts to work. Tosibox email servers are not used anymore.
• Optimized loading of ‘Keys and Locks’ section on UI
• Improved reconnect time to Locks in case of a connection failure on Virtual Central Lock side
• Removing a Lock connection does not disconnect/reconnect Layer 3 connections anymore
• Fix for Internet connection status display
• Improved configuring routes from Virtual Central Lock Access Groups to Locks
• Fixed port range in Access Groups
• UI optimizations for IE
• Optimized firewall updates
• Several stability improvements

 

Version 2.3.0

15 December 2017

New features and improvements

• Added SoftKey support
• New device icons for different client types in web UI
• Fix for an issue where adding an incomplete static route or another default route caused system malfunction
• Fix for an issue where certain parts of the web UI didn’t work with Mozilla Firefox
• Reliability improvements
• Includes all v2.1.0 – v2.2.0 changes also for Central Lock

 

Notice for Central Lock users updating from v1.4.0: This version replaces earlier IP/MAC filter functionality with Access Groups. During the update, the system will migrate most of the earlier IP/MAC filter rules to Access Groups but there can be certain configurations that cannot be fully migrated nor are supported with Access Groups, e.g. rules affecting communication between Layer 2 connections within the same LAN. Please note this before installing the update and please verify the you have correct settings in Access Groups after the update and make adjustments if required.

 

Version 2.2.0

5 July 2017

New features and improvements

• Master Key can now be matched remotely with the Virtual Central Lock (read more)
• Access groups can now be enabled/disabled
• Mobile Clients inherit now their initial access rights from the Key that was used to create them
• Added warnings when deleting WAN or LAN interfaces
• Fix for an issue where Mobile Clients could not connect if they didn’t belong to any access group
• Fix for an issue where iOS Mobile Client could not connect
• Scan for LAN devices function fixed

 

Version 2.1.1

29 May 2017

Bug fixes

• Fix for a mouse issue on VMWare ESXi
• Fix for an issue where the network interface ordering might have changed after adding new network adapters to the virtual machine

 

Version 2.1.0

31 March 2017

New features and improvements

• First SW release for the Virtual Central Lock
• Support for defining access rights with access groups
• Support for virtual LANs
• New, streamlined web user interface for Central Lock and Virtual Central Lock
• Support for global Lock names
• The Lock’s name is now shown and can be changed in the web UI
• The time zone can be configured
• Added support for NTP (Network Time Protocol) server
• New production units now show the end-user license agreement when the admin logs in for the first time
• Improved reliability of refreshing status information in the web UI
• Gateway option is no longer shown for LAN and VLAN interfaces
• Mitigation for a security issue with VPN connections using Blowfish cipher: TBSA-016-301(CVE-2016-6329)
  • The VPN data channel key is renegotiated much more frequently when Blowfish is used
  • AES-128-CBC is now the default VPN cipher for new Lock 100 production units
  • Lock-to-Lock and Lock-to-Central Lock connections now honor the VPN cipher setting of the main Lock or Central Lock
• WAN port IP address is now shown on web UI also when using DHCP

 

Version 1.4.0

25 June 2015

New features and improvements

• Support for iOS Mobile Clients
• Key-specific IP/MAC filter: access to LAN network devices can now be defined separately for each Key
• Option to add exceptions for restricted Internet access (Industry settings ->Prevent Internet access from LAN …)
• Network device list is now sorted alphabetically in the web UI
• Available software updates are now announced in the web UI
• Support for choosing the preferred VPN data encryption cipher (AES or Blowfish)
• Improved performance with large number of VPN clients
• Improved connection establishment time for Layer 3 Key connections
• Lock’s friendly name is now visible in the alert email subject
• Connection type is now Layer 3 for all new Sub Keys and Backup Keys
• New production units have now 3072 bit RSA keys
• “Wired” text is now shown also for devices in ports LAN2-4
• Fix for an issue where connection alerts were sent even though the connection was restored before timeout
• Fix for an issue where the connection names could sometimes get lost when saving Tosibox devices page
• Fix for an issue with network device list when L3 Locks had a large number of devices

 

Version 1.3.2

28 November 2014

Bug fixes

• Fix for an issue where the Central Lock might not reconnect to Internet after a network problem

 

Version 1.3.1

21 November 2014

Bug fixes

• Fix for a web UI issue that affected new produced units

 

Version 1.3.0

12 November 2014

New features and improvements

• Log data can now be exported in CSV format
• Log events are now generated for web UI login/logout
• Email alerts can be triggered also from system failures (e.g. failing hard drives)
• Connection alerts have now a configurable timeout to prevent alerts from short disconnects
• SW updates can now be installed from the web UI
• Security updates are installed automatically daily
• Initial support for AES ciphers, with AES-256-CBC as the default cipher if the client supports it.
• New options to prevent access from serialized Sub Locks and L3 Locks to Central Lock’s LAN ports
• Access from serialized Locks to Central Lock’s web UI is now prevented by default
• Web UI displays now also the physical IP for devices behind L3 locks when 1:1 NAT is in use
• Serialized L3 Locks can now access the static routes that are configured on the Central Lock
• The Internet can be accessed also from service port
• Idle bandwidth consumption reduced
• Usability improvements on edit connections page
• VPN connections are now disconnected/reconnected only when needed when saving Central Lock settings
• DNS rebind protection is now disabled to avoid possible problems
• Fix for an issue where enabling MAC/IP filter broke access from LAN to L3 Locks
• Fix for an issue where the remote support connection was not closed correctly
• Fix for an issue where changing Key’s access rights changed the connection type to Layer 3
• Fix for an issue where serializations might have gotten lost
• Fix for an issue with static host routes (netmask 255.255.255.255)
• Stability improvements