IACBOX, what’s next?

Outlook to the new major version V24.0


UPDATE May 2024: IP ranges per VLAN

In addition to the medium to large work items described below, we have added another one to the workflow for V24.0: in future, it will be possible to assign separate IP ranges to different VLANs. This responds to requests from some customers who have integrated their IACBOX in such a way that different user groups need to be distinguished upstream. Combined with the recently rolled-out option of deactivating NAT, this opens up new possibilities, such as assigning different uplinks or security policies to user groups at the firewall, or more generally using the capabilities of modern security appliances together with the IACBOX.


While our current major version 21 is approaching its end of life with about 30 patch-level updates, our developer team is working hard on V24.

V21 had many new user interface features like the completely new login page with editor. With V24 it’s more under the hood again. The following is a preview of what’s new in the upcoming major version.

Version scheme

We have simplified the version scheme and will only use the common scheme <Major>.<Minor>.<Patch> in the future. Consequently, the first release will be 24.0.0, the first patch level update will be 24.0.1, and the first major feature update will be 24.1.0.

Base Linux System

The base of the IACBOX is our own Linux platform Frozentux, which has been completely renewed again. The main component is the Linux kernel, which has now been upgraded to the current LTS (long-term support) version 6.1. In addition, many standard Linux programs have also been updated. This not only brings current features and performance improvements, but also provides important security updates, including OpenSSL 3.1, PHP 8.1, Postgres 15 and much more.

DNS Service

The previous DNS service has been completely replaced, allowing us to replace 3 components with a single DNS service. This not only increases throughput, but also lays the groundwork for encrypted DNS protocols such as DoT (DNS over TLS) and DoH (DNS over HTTPS), which we intend to support in later V23 releases.

DNS Filter

The DNS server also includes the DNS filter, which allows certain categories of pages to be blocked. We have cleaned up these categories, purged the lists of outdated domains and now include multiple lists. On the server side, the lists will be updated weekly again.

HTTP Proxy

The transparent HTTP proxy (Squid) is being retired. In a fully encrypted world (high HTTPS share), unencrypted HTTP connections have rightly become a rarity and the proxy has thus lost its justification. Of course, we still support the connectivity check for devices that do not support the CAPPORT API, but we implement this feature differently. Customers with applications that rely on port 80 or 8080 will benefit from this: in the past there were always conflicts and incompatibilities, and these ports can now be used normally.

Uplink without NAT

Due to high demand, this feature has been ported back to V21 and is already available. It allows the default NAT on the Office LAN (uplink) to be disabled, which makes it easy to integrate with other upstream appliances that need to know the client IP, such as filters, proxies, malware detection etc.

WebAdmin Dashboard

The monitoring widgets and their charts have been technically updated. Furthermore, some customers have requested the widgets to be arrangeable on the dashboard as desired, as it was already possible in the monitoring popup.

WebAdmin two-factor authentication

The login to WebAdmin can now optionally use two-factor authentication, which can be activated separately for each user. This can be used to better secure full-access admin accounts, while for a receptionist account with limited permissions, for example, it can be waived. We start with the most widely used method, TOTP (Time-based One-Time Password), which can be used with many mobile apps like Google Authenticator, MS Authenticator, FreeOTP, etc. FIDO2 for passwordless logins will also be added in later releases.

Partial Backup Restore

Backups are often used not only in case of failure, but also to transfer configuration from one system to another. But besides the desired configuration, unwanted parts such as the license, network configuration and existing data (incl. GDPR-relevant personal data) are transferred as well. The partial restore of a backup now allows importing only the configuration (optionally without network settings).

PMS, SPMS and HIS

For those to whom these acronyms mean something: we are separating the PMS login method into 3 separate modules: PMS for hotels, SPMS for ships, and HIS for hospitals/care facilities. In the course of this rebuild, we have also extended many PMS configurations so that now, for example, PMS groups are available for almost all PMS types.

iacbox.cloud Integration

V24 will bring the basic iacbox.cloud integration. Initially, cloud-only connectivity will be implemented via an encrypted tunnel, but as V24 progresses, features will be steadily expanded. Planned features include: Overview of connected systems with their current status and easy monitoring, batch rollouts of certain configurations, WebAdmin access via iacbox.cloud.

Bug fixes

As always, a great many small bug fixes and software updates are included.